The vendors of the Android Phones claims that if you are updating your phones regularly then you are having all the latest security patches. A research on security patches carried out in Germany says that the Android vendors who suggest their customers update the phone for latest security patches are not right. The firmware upgrades sometimes delete few critical and important patches from your phone accidentally after you update your phone.
The findings on this security patches come from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin. They have examined about 1,200 firmware samples taken from various smartphones which are sourced to various vendors. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo’s Motorola, TCL and ZTE have got the problem to roll out the updates.
NOhl and Lell decided to carry out an investigation on the Android smartphones who received and install the latest Android updates. The duo focuses their investigation on patches for critical or high severity bugs which are released during the year 2017. After their investigation, they found that manufacturers like TCL and ZTE are the biggest offenders as their handsets miss more than 4 patches. The devices which use the processors from Taiwan’s MediaTek miss out 9.7 patches from their phones.
NOhl said in an interview on Thursday that, the patching problems that occur on smartphones can be blamed due to the complexity of the Android ecosystem and poor quality control. When Google realizes new software update, then vendors like Qualcomm and MediaTek test it and make some adjustment and hand it over to Android smartphone makers but they do not test out the Android software across the device.
The whole process that takes place during the test may result in omitting a security patch. Nohl said in a statement that “Vendors generally put in real effort, but things can be forgotten, skipped, or the vendor will want to do it later.” He added by saying that a few years back a security industry has made the problem worse for all as it asked all vendors to do a patch every month which is not possible as the Android ecosystem is very complex.