Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


112 posts

Master Geek
+1 received by user: 12


Topic # 236011 13-May-2018 20:26
Send private message

Your phone reports it has been updated and when you check, YES, there it is, the latest security date shows in About Phone.

 

However, some naughty manufacturers will update the security date on a phone but not actually install any patches - according to some German researchers reported in a UK paper.

 

Most are not that bad, but still miss out some of Google's patches when they provide a security update.

 

They report the following number of Google issued patches typically NOT installed by the manufacturer when they show a security update:

 

0 - 1: Google, Sony and Samsung
1 - 3: OnePlus and Nokia
3 - 4: HTC, Huawei, LG and Motorola
> 4: TCL and ZTE
All - some naughty NAUGHTY companies that they don't list.

 

Hmmm, I'm surprised Google allows this. Well, I'm not actually.


Filter this topic showing only the reply marked as answer Create new topic

gzt

10124 posts

Uber Geek
+1 received by user: 1540


  Reply # 2015387 13-May-2018 21:52
One person supports this post
Send private message

This came out a while ago. I recall in some cases it is more complex than it appears. For instance if a manufacturer does not use a particular module then no need to patch that particular module.

If they are using an unpatched module and claiming to patch it - that would be shocking.

It's unclear to me exactly what they are calling out and how bad it is. The time to patch for some manufacturers is the worst part by far.



112 posts

Master Geek
+1 received by user: 12


  Reply # 2015418 13-May-2018 23:08
Send private message

@gzt thanks for the added info.

 

I originally read the article ages ago so I've just gone back and re-looked at the original research article and it seems the numbers are a movable feast (they periodically update the data table).

 

If I update the above companies to the latest results most improve:

 

0 - 1: Google, Sony, Samsung, Oneplus, LG, Motorola
1 - 2: Nokia, HTC
2 - 4: ZTE TCL

 

Did the results improve because of the publication, or did the research methodology change?

 

I see in more recent reports that Google is likely to insist on monthly security updates at some stage in the not too distant future. Glad to see it.


'That VDSL Cat'
8446 posts

Uber Geek
+1 received by user: 1816

Trusted
Spark
Subscriber

  Reply # 2015451 13-May-2018 23:42
One person supports this post
Send private message

The callout seems to be missing patches, rather than testing for the existence of an exploit known to said patches.

 

 

 

what's to say a provider hasn't got their own bit of software they use, as such their own patch is required to fix it not googles?...





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


2519 posts

Uber Geek
+1 received by user: 321


  Reply # 2015549 14-May-2018 10:00
Send private message

The Snoopsnitch app seems to certify the patch level of the phone rather than check that the latest patches are present. My Motorola gets its 1 April level certified all results green etc with no reference to any patches from the 1 May release.

1536 posts

Uber Geek
+1 received by user: 349


  Reply # 2016179 15-May-2018 10:24
Send private message

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.

 

In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .


17957 posts

Uber Geek
+1 received by user: 5171

Trusted
Lifetime subscriber

  Reply # 2016441 15-May-2018 17:53
One person supports this post
Send private message

1101:

 

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.

 

In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .

 

 

I too have owned MANY phones, and unless your phones are quite old, I can't see how you haven't been getting updates? I get monthly ones on my Note 8, and I got semi regular updates on my previous Samsung, Sony devices. 

 

I am not saying it's GOOD, but it's not as bad as you make it out to be.

 

 


gzt

10124 posts

Uber Geek
+1 received by user: 1540


  Reply # 2016449 15-May-2018 18:29
Send private message

1101:

The state of Androids & security patches is a disgrace
Google & the ph manufacturers dont give a rats arse.


In general, mid range & cheap phones are abandoned after release (just a few exceptons). I have NEVER had any Android update or patches
for any of the many Android devices Ive owned
Even flagship models can be abandoned after a few years .
My LG : nothing available, no patches , no updates, nothing.
My many Samsungs : no patches, no updates nothing.
Add to that the fact the Android arnt even patching old versions of Android any more . So Millions of phones will never get patched .


Yes this is why you want one of the new mid range nokias with Android One.

Other manufacturers will start to follow this pretty quick or nokia will wipe the floor with them.

26935 posts

Uber Geek
+1 received by user: 6378

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2016456 15-May-2018 18:47
One person supports this post
Send private message

1101:

 

Even flagship models can be abandoned after a few years .

 

 

Two years is the accepted and published timeframes for Android updates from most major manufacturers. Some extend that to three years but only for security updates after two years.

 

The current Pixel is the exception where Google committed to updates for three years.

 

 


gzt

10124 posts

Uber Geek
+1 received by user: 1540


  Reply # 2016470 15-May-2018 19:28
Send private message

Good points. Project Treble will hopefully provide additional opportunities for up to date operating systems for older hardware independent of the manufacturer. This will be available on any new phone very soon.

1536 posts

Uber Geek
+1 received by user: 349


  Reply # 2017421 17-May-2018 09:57
Send private message

networkn:

 

I too have owned MANY phones, and unless your phones are quite old, I can't see how you haven't been getting updates? I get monthly ones on my Note 8, and I got semi regular updates on my previous Samsung, Sony devices. 

 

I am not saying it's GOOD, but it's not as bad as you make it out to be.

 



 

Techies with higher end phones may not have that issue. Joe Public with his cheap phone or older phone...
Its an issue for mid range/low end phones. The phones that possibly are the biggest sellers.
https://www.tomsguide.com/us/android-security-update-list,news-25221.html

 

https://www.esecurityplanet.com/mobile-security/over-50-percent-of-android-devices-have-unpatched-security-flaws.html

 

This is good news however, if implemented
https://www.digitaltrends.com/mobile/google-oems-security-updates-agreement/
"Perhaps even more important, Google will be tweaking the agreement it has with manufacturers to include security updates — meaning that contractually, to use the official version of Android, manufacturers may have to stay up-to-date with the latest Android patches."

 

 

 

 


17957 posts

Uber Geek
+1 received by user: 5171

Trusted
Lifetime subscriber

  Reply # 2017618 17-May-2018 13:02
Send private message

1101:

 

This is good news however, if implemented
https://www.digitaltrends.com/mobile/google-oems-security-updates-agreement/
"Perhaps even more important, Google will be tweaking the agreement it has with manufacturers to include security updates — meaning that contractually, to use the official version of Android, manufacturers may have to stay up-to-date with the latest Android patches."

 

 

I agree. It should have really been mandatory from the start. 

 

 


BDFL - Memuneh
61189 posts

Uber Geek
+1 received by user: 11971

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2017624 17-May-2018 13:17
Send private message

Got the new Nokia 7 Plus and Nokia 6.1 and was happy to see both as AndroidOne devices and Project Treble-enabled.





Filter this topic showing only the reply marked as answer Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.