Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsAndroidSecurity Updates. So you thought you had been patched.
MartinGZ

359 posts

Ultimate Geek

Subscriber

#236011 13-May-2018 20:26
Send private message

Your phone reports it has been updated and when you check, YES, there it is, the latest security date shows in About Phone.

 

However, some naughty manufacturers will update the security date on a phone but not actually install any patches - according to some German researchers reported in a UK paper.

 

Most are not that bad, but still miss out some of Google's patches when they provide a security update.

 

They report the following number of Google issued patches typically NOT installed by the manufacturer when they show a security update:

 

0 - 1: Google, Sony and Samsung
1 - 3: OnePlus and Nokia
3 - 4: HTC, Huawei, LG and Motorola
> 4: TCL and ZTE
All - some naughty NAUGHTY companies that they don't list.

 

Hmmm, I'm surprised Google allows this. Well, I'm not actually.




Nokia 6110, 6210, 6234, Sony Ericsson XPERIA X1, Huawei Ideos X5 (Windows Mobile), Samsung Galaxy SIII, LG G4, OnePlus 5, iPhone Xs Max (briefly), S21 Ultra. And I thought I hadn't had many phones - but the first one around 1997.

Filter this topic showing only the reply marked as answer Create new topic

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #2015387 13-May-2018 21:52
Send private message

This came out a while ago. I recall in some cases it is more complex than it appears. For instance if a manufacturer does not use a particular module then no need to patch that particular module.

If they are using an unpatched module and claiming to patch it - that would be shocking.

It's unclear to me exactly what they are calling out and how bad it is. The time to patch for some manufacturers is the worst part by far.



MartinGZ

359 posts

Ultimate Geek

Subscriber

  #2015418 13-May-2018 23:08
Send private message

@gzt thanks for the added info.

 

I originally read the article ages ago so I've just gone back and re-looked at the original research article and it seems the numbers are a movable feast (they periodically update the data table).

 

If I update the above companies to the latest results most improve:

 

0 - 1: Google, Sony, Samsung, Oneplus, LG, Motorola
1 - 2: Nokia, HTC
2 - 4: ZTE TCL

 

Did the results improve because of the publication, or did the research methodology change?

 

I see in more recent reports that Google is likely to insist on monthly security updates at some stage in the not too distant future. Glad to see it.




Nokia 6110, 6210, 6234, Sony Ericsson XPERIA X1, Huawei Ideos X5 (Windows Mobile), Samsung Galaxy SIII, LG G4, OnePlus 5, iPhone Xs Max (briefly), S21 Ultra. And I thought I hadn't had many phones - but the first one around 1997.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2015451 13-May-2018 23:42
Send private message

The callout seems to be missing patches, rather than testing for the existence of an exploit known to said patches.

 

 

 

what's to say a provider hasn't got their own bit of software they use, as such their own patch is required to fix it not googles?...




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 



Bung
6477 posts

Uber Geek

Subscriber

  #2015549 14-May-2018 10:00
Send private message

The Snoopsnitch app seems to certify the patch level of the phone rather than check that the latest patches are present. My Motorola gets its 1 April level certified all results green etc with no reference to any patches from the 1 May release.

1101
3122 posts

Uber Geek


  #2016179 15-May-2018 10:24
Send private message

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.

 

In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .

networkn
Networkn
32350 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2016441 15-May-2018 17:53
Send private message

1101:

 

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.

 

In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .

 

 

I too have owned MANY phones, and unless your phones are quite old, I can't see how you haven't been getting updates? I get monthly ones on my Note 8, and I got semi regular updates on my previous Samsung, Sony devices. 

 

I am not saying it's GOOD, but it's not as bad as you make it out to be.

 

 

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #2016449 15-May-2018 18:29
Send private message

1101:

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.


In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .


Yes this is why you want one of the new mid range nokias with Android One.

Other manufacturers will start to follow this pretty quick or nokia will wipe the floor with them.

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2016456 15-May-2018 18:47
Send private message

1101:

 

Even flagship models can be abandoned after a few years .

 

 

Two years is the accepted and published timeframes for Android updates from most major manufacturers. Some extend that to three years but only for security updates after two years.

 

The current Pixel is the exception where Google committed to updates for three years.

 

 

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #2016470 15-May-2018 19:28
Send private message

Good points. Project Treble will hopefully provide additional opportunities for up to date operating systems for older hardware independent of the manufacturer. This will be available on any new phone very soon.

1101
3122 posts

Uber Geek


  #2017421 17-May-2018 09:57
Send private message

networkn:

 

I too have owned MANY phones, and unless your phones are quite old, I can't see how you haven't been getting updates? I get monthly ones on my Note 8, and I got semi regular updates on my previous Samsung, Sony devices. 

 

I am not saying it's GOOD, but it's not as bad as you make it out to be.

 



 

Techies with higher end phones may not have that issue. Joe Public with his cheap phone or older phone...
Its an issue for mid range/low end phones. The phones that possibly are the biggest sellers.
https://www.tomsguide.com/us/android-security-update-list,news-25221.html

 

https://www.esecurityplanet.com/mobile-security/over-50-percent-of-android-devices-have-unpatched-security-flaws.html

 

This is good news however, if implemented
https://www.digitaltrends.com/mobile/google-oems-security-updates-agreement/
"Perhaps even more important, Google will be tweaking the agreement it has with manufacturers to include security updates — meaning that contractually, to use the official version of Android, manufacturers may have to stay up-to-date with the latest Android patches."

 

 

 

 

networkn
Networkn
32350 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2017618 17-May-2018 13:02
Send private message

1101:

 

This is good news however, if implemented
https://www.digitaltrends.com/mobile/google-oems-security-updates-agreement/
"Perhaps even more important, Google will be tweaking the agreement it has with manufacturers to include security updates — meaning that contractually, to use the official version of Android, manufacturers may have to stay up-to-date with the latest Android patches."

 

 

I agree. It should have really been mandatory from the start. 

 

 

freitasm
BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2017624 17-May-2018 13:17
Send private message

Got the new Nokia 7 Plus and Nokia 6.1 and was happy to see both as AndroidOne devices and Project Treble-enabled.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Filter this topic showing only the reply marked as answer Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright