HTC, Huawei, LG and Motorola were found to be missing 3-4 security patches on average, meanwhile TCL and ZTE tend to miss more than four security updates each year. These security updates are distinct from Android OS updates, and are listed by "Security patch level" dates, which can generally be found in the "System About phone" dialog in the Settings menu on Android devices.
They blogged about the Android ecosystem having a hidden patch gap, and warned that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to the underlying risks. Android has a lot of manufacturers, and hardly any OEM can keep up with Google's pace of releasing security patches. Now, a study has discovered that manufacturers who claim swifter updates are actually lying to you, and missing out on delivering you the latest patches. Its open-source approach is positive in many ways, but it does mean that the onus to issue software updates falls on the multitudes of manufacturers building Android devices.
However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches. For one, Nohl believes companies like Sony or Samsung may have missed a few patches by accident.
In a statement, Google thanked the researchers for their job. Unfortunately, it looks like many manufacturers are doing a poor job of it, with security researchers this week saying that many vendors simply skip patches and tell users that they are up to date. The devices which use the processors from Taiwan's MediaTek miss out 9.7 patches from their phones.
Five congresspeople and Senator Warren finally object to Israel shooting unarmed Palestinians
People attend a protest against the killing of a fellow journalist Palestinian Yasser Murtaja on April 11, 2018 in Istanbl. The Palestine Red Crescent Society, a humanitarian organisation, has said one of its medics was shot in the knee.
Search results are also cached on the device, enabling Internet users to quickly re-access previous searches, even when offline, without incurring further data costs.
Google said it is investigating the claims and will push any vendor to bring their devices into compliance. That's deliberate deception, and it's not very common, ' Security Research Labs founder Karsten Nohl told the Guardian newspaper.
The security vendor has a free app, Snoopsnitch, in Google's Play store that attempts to analyse how many patches are installed on Android devices. "We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update". And Android's fragmentation is a problem that remains unsolved.