Your favorite phone maker can offer security updates at a steady pace, but a new report indicates that your smartphone may still be vulnerable to the next big exploit.
This is because the crucial patches are skipped by some of the most prolific players in the smartphone market, according to the in-depth findings of Security Research Labs (SRL).
In a relatively large sample size, companies like Google, Samsung and Sony appear to be strong enforcers to include each patch within their security updates. On the other hand, ZTE, Huawei, LG, HTC, Motorola and other big names seem to omit, sometimes, several patches of their releases. SRL does not specify telephone models, but states that its tests were limited to phones that were patched during and after October 2017. In other words, the tests probably include the latest and best flagship phones.
How does this happen?  It is difficult to specify why some companies do not include patches for each error in a security update. It could be due to lack of resources, the great difficulty of adapting the work across multiple devices or the hope that the next Stagefright attack will not happen again soon.
In a statement provided to TechRadar, a Google spokesman told us that there are cases in which some devices use "an alternative security update instead of the security update suggested by Google". But still, Android has other measures to keep users safe, including application sandboxing (this limits the operation of an application in a larger code environment) and the relatively new Google Play Protect feature that debuted in 2017.  What does it do? Does this mean for you?
Probably nothing. The research firm points out that a missing patch does not necessarily point to guaranteed vulnerabilities, but the big conclusion is that your Android phone may not be as secure as you are led to believe. Of course, Google is best to stick to security updates, but owning Google Pixel 2 is not critical to staying safe as an Android user.
As more manufacturers join the monthly updates, it is critical that each one ensures that the appropriate holes are plugged in. And while it seems a difficult job to keep up as a consumer, the responsibility rests with the software manufacturers, the authors of the report indicated that the SnoopSnitch application will allow you to determine if your updates cover the wide range of patches needed to maintain themselves. as safe as possible.
But if you just do not want to worry (we're sorry), the end of Google's statement states that you can do that: "These layers of security combined with the tremendous diversity of the Android ecosystem." Contribute to the conclusions of the researchers from that remote operation of Android devices remains a challenge. "
SRL states that despite the current situation, it is a great improvement over 2016, according to a report by Duo, a time when only 17% of Los Android phones and tablets were running the latest patch.
Via The Verge