Android smartphone users may be at risk of attack due to lack of security protection, despite thinking they were adequately protected.
Security researchers have claimed that many Android devices may lack adequate security protection due to vendors not making the appropriate security updates available to their smartphone users.
Karsten Nohl and Jakob Lell of Security Research Labs conducted two years of research on a wide range of Android smartphones, discovering that many were not provided with the latest security updates as soon as they were available.
Some devices even lied to their users about updating the latest available software and firmware versions, which means that users could have been at risk of attack.
Device fragmentation has been a challenge for Google for a long time to launch updates for its Android platform, which is by far the most popular m software obile on the planet .
The company usually makes the latest Android updates available to users with their own Pixel and older Nexus devices first, before then deploying them to other manufacturers.
However, the researchers found that many vendors did not make patches available to their clients for months, creating what they call a "patch space." Some devices would tell their users that they had been updated to the latest software or firmware version, but in reality they lacked a dozen vital patches.
"We found several vendors that did not install a single patch but changed the date the patch went ahead for several months," Nohl told WIRED. "That's deliberate deception, and it's not very common."
The investigation covered all Android security patches released in 2017 and used 1,200 different brands of devices, including items from major manufacturers such as Samsung, Motorola and HTC, as well as Google devices.
Android is usually more vulnerable to attack than Apple's iOS platform, however, Google has injected a lot of resources to address security protection on their devices.