Inconsistent updates have been a problem with Android since the very beginning. Android phones are extremely slow to get updates, and most phones never receive one after leaving the box. Google released the latest update of Android in February, but even now only 1.1 percent of Android users are running it. To make matters worse, it has been found that some OEMs have been lying about security patches.
The “patch-gap”:
Security Research Labs, a research firm, has found that a number of Android manufacturers are lying about security updates. Two researchers from the lab, Karsten Nohl and Jakob Lell, have been analyzing Android devices. Their research examined the gap between the security patches and the threats they were meant to protect against. The researchers found many devices where the phone software claimed to be up to date but was actually missing up to 10 security patches. Worst of all, some OEMs simply moved the patch date forward and updated nothing at all: they did not provide a single patch while the software claimed to be up to date.
OEMs were found manipulating the date of the security patch shown in Settings. They did this by modifying ro.build.version.security_patch in build.prop. “We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” Nohl told Wired. “That’s deliberate deception, and it’s not very common.”
Security Research Labs tested the firmware of 1200 phones, checking the “patch gap” for every security update released. Phones from Samsung and Sony missed occasional patches, while other OEMs like Xiaomi, OnePlus and Nokia missed at least 1-3 patches. Furthermore, brands like HTC, Huawei, LG and Motorola were found to be missing at least 3-4 security patches.
The team at Security Research Labs has also developed a tool that allows Android users to check the patch gap on their smartphones. The researchers have released the app, named SnoopSnitch, on the Google Play Store. The app can analyze the firmware on your phone to check for missed security patches.
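Because the patch level is only a text property, a defender can at least check it for internal consistency. The following is an added example, not code from Security Research Labs or SnoopSnitch: it parses a build.prop and flags a claimed patch level that is far newer than the build timestamp in ro.build.date.utc. The sample file contents and the 45-day margin are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample build.prop contents (not taken from a real device).
SAMPLE_BUILD_PROP = """\
# begin build properties
ro.build.id=EXAMPLE01
ro.build.date.utc=1509494400
ro.build.version.security_patch=2018-03-01
"""


def parse_build_prop(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_patch_claim(text, margin_days=45):
    """Return (claimed_patch_date, build_date, suspicious).

    A build cannot contain fixes published long after it was compiled, so a
    claim more than margin_days (assumed value) newer than the build date is
    flagged. A consistent pair proves nothing: both values are self-reported,
    and only testing the firmware shows which patches are really present.
    """
    props = parse_build_prop(text)
    raw_patch = props.get("ro.build.version.security_patch")
    raw_built = props.get("ro.build.date.utc")
    if raw_patch is None or raw_built is None:
        raise ValueError("build.prop lacks the patch level or build date")
    claimed = datetime.strptime(raw_patch, "%Y-%m-%d").date()
    built = datetime.fromtimestamp(int(raw_built), tz=timezone.utc).date()
    suspicious = (claimed - built).days > margin_days
    return claimed, built, suspicious


if __name__ == "__main__":
    claimed, built, suspicious = check_patch_claim(SAMPLE_BUILD_PROP)
    print(f"claimed patch level {claimed}, built {built}, suspicious={suspicious}")
```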