Security Research Labs researchers have found that some smartphone manufacturers, such as Samsung, Xiaomi, Nokia or Huawei, skip some security patches in their updates, even though the system on the smartphone shows them as installed. Check whether your smartphone has all the security patches.


Android security improvements

Less than three years ago, Google launched a new program focused on the security of Android. The company constantly examines the system's code for bugs, which it patches in monthly security updates. To this end, Google works with partners who also deliver the relevant updates to their smartphones, or at least they should. That is the theory. In practice, things look less rosy. Some phones get patches regularly, others once in a while, and the rest not at all. In addition, it turns out that even delivered updates did not always protect our mobile devices from the bugs detected by Google.

Manufacturers "forgot" about some of the patches

Security Research Labs (SRL) has checked the software on 1200 Android phones that received security updates in 2017. It turned out that some of them supposedly had the new patches released by Google, but in reality only the number shown in the settings was changed, and the bugs were not fixed. Users were therefore misled, because their devices were not as secure as they thought. Only Google has nothing to be faulted for. The other manufacturers sometimes missed some of the patches. A short list can be found in this picture:

Number of patches skipped by manufacturers / Photo: Wired

Average number of patches skipped by manufacturers / Photo: Wired

While isolated cases can be forgiven, since engineers could simply forget about a given patch, it is hard to turn a blind eye to repeat offenses. Probably the most drastic case is the Samsung Galaxy J3 (2016), which in theory got all the possible patches, but in practice the manufacturer omitted as many as 12 of them, including two critical ones.

SoC manufacturers are not without fault

SRL claims that part of the blame for this situation falls on processor manufacturers that do not provide the appropriate patches for their chipsets:

Photo: Wired


MediaTek is the infamous leader here, by far the worst of the whole group.

Google's position

Google already knows about the whole matter. According to the company, a partial explanation is that not all tested devices were certified by Google, so its security standards did not apply to them. In addition, some patches could have been skipped for a very simple reason: the manufacturer could have removed the vulnerable function entirely instead of bothering to fix it. However, Google adds that it intends to look closely at the SRL report to learn more from the research.

Check if you're missing patches

In the Google Play store, you can find the SnoopSnitch application from Security Research Labs, which lets you check the security status of your smartphone. Here are the results from a Xiaomi Mi 6:

For 10 patches the result was inconclusive, but there is no indication that any of them has been omitted. How does it look on your phone?

Source: Wired