For all the good of Android’s open-source approach, one of the clear and consistent downsides is that the onus to issue software updates falls on the manufacturer. That can mean frustration for those waiting for the latest and greatest feature updates, and in some cases it can put your phone at risk with delayed or missed security updates.
A pair of researchers at Security Research Labs recently shared a study with Wired highlighting some of these risks. The team’s findings are the result of testing 1,200 Android handsets from all the major manufacturers over the course of two years, examining whether manufacturers had delivered the security patches as advertised.
According to SRL, missed security patches were found on a range of different handsets across manufacturers. Sony and Samsung were both flagged as having missed some security patches, in some cases despite reporting that they were up to date. “It’s almost impossible for the user to know which patches are actually installed,” one of the researchers told the site.
Xiaomi, Nokia, HTC, Motorola and LG all made the list as well, while TCL and ZTE fared the worst in the study, on average not having installed more than 4 of the patches they claimed to have installed on a given device.
In a statement provided to TechCrunch, Google pointed to the importance of the various different means used to secure the Android ecosystem. The company believes that the SRL findings won’t tell the full story when it comes to keeping devices secure.
“We want to thank Karsten Nohl and Jakob Kell for their continued efforts to strengthen the security of the Android ecosystem,” the company writes. “We’re working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security—combined with the great variety of the Android ecosystem—contribute to the researchers’ conclusions that remote exploitation of Android devices remains challenging.”
The company also pointed us to this year in review post, which sheds a bit more light on the matter.