Android phones may have hidden missed security patches from you
Apr 13 2018 by Joanne Wise
Meanwhile, Google has responded to the report saying it is working with SRL Labs to further investigate its findings.Google responded to the issue, in an emailed statement to Gadgets 360, "We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem".
Some Androidphone makers have been caught actively deceiving their customers about the security of their smartphones.
It found that in some cases, Android smartphone makers allegedly told users that smartphone's software has been updated with monthly patches when it hasn't. In a practical scenario, when you find that your device's firmware is fully updated, you get a false sense of security. However, a new set of reports now indicate that some OEM's are claiming that their devices are updated with the latest security patches from Google without actually installing them. This is incredibly simple to fake-even you or I could do it on a rooted device by modifying ro.build.version.security_patch in build.prop. This means that the latter two companies have missed at least 4 patches during a security update for one of their devices after October 2017. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".
The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. Missed patches refer to those that companies claimed to have installed but were found to be missing. At times it was found that vendors didn't even install a single patch, but only changed the date of the update by forwarding it by several months.
Indeed, Google is the source of Android's security patches.
Missing African athletes in Australia jump to 13
The Cameroonians failing to appear in their events saddened Commonwealth Games Federation chief David Grevemberg . Martin said cleaners had found a needle in a cup in the apartment assigned to Babu and Thodi on Thursday.
While many of these missed security patches may not be inherently unsafe in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.
Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security".
Nohl agrees that exploiting Android vulnerabilities remains hard due to these security layers and points out an easier and more common route to compromising Android devices is through the use of malicious apps - either inside Google Play or outside the store.
"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.