Are hardware makers doing enough to keep Android phones secure? – TechCrunch

Mobile


For all the good of Android’s open-source approach, one of the clear and consistent downsides is that the onus to issue software updates falls on the manufacturer. That can mean frustration for those waiting for the latest and greatest feature updates — and in some cases, it can put your phone at risk with delayed or missed security updates.

A pair of researchers at Security Research Labs recently shared a study with Wired highlighting some of these risks. The team’s findings are the result of testing 1,200 Android handsets from all the major manufacturers over the course of two years, examining whether manufacturers had offered the security patches as advertised.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers. Sony and Samsung were both flagged as having missed some security patches — in some cases in spite of reporting that they were up to date. “It’s almost impossible for the user to know which patches are actually installed,” one of the researchers told the site.

Xiaomi, Nokia, HTC, Motorola and LG all made the list, as well, while TCL and ZTE fared the worst in the study, with, on average, not having installed more than four of the patches they claimed to have installed on a given device.

In a statement provided to TechCrunch, Google pointed to the importance of various different means used to secure the Android ecosystem. The company believes that the SRL findings might not tell the full story when it comes to keeping devices secure.

“We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem,” the company writes. “We’re working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security—combined with the tremendous diversity of the Android ecosystem—contribute to the researchers’ conclusions that remote exploitation of Android devices remains challenging.” 

The company also pointed us to this year in review post, which sheds a bit more light on the matter.



Source link

Products You May Like

Articles You May Like

Undercover report shows the Facebook moderation sausage being made – TechCrunch
Fujifilm Instax Square SQ6 Instant Camera unboxing
Peelable circuits make it easy to Internet all the things – TechCrunch
Dialpad dials up $50M Series D led by Iconiq – TechCrunch
Mention Me, the referral marketing platform, raises $7M led by Eight Roads Ventures – TechCrunch

Leave a Reply

Your email address will not be published. Required fields are marked *