Your Android phone may not be on the level when it tells you it’s up to date on software.
With security researchers warning that even device-makers releasing relatively timely updates could in fact be missing out security updates.
Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it’s been an uphill battle.
Wired reports, a team from Security Research Labs plans to reveal a lapse that’s arguably even more concerning.
In a presentation at the Hack in the Box security conference, Karsten Nohl and Jakob Lell will detail the results of two years of reverse-engineering Android device code. The pair looked at 1,200 Android phones to see if the security updates that had been made available were actually included.
Worryingly, in some cases, they were not. “It’s small for some devices and pretty significant for others,” Nohl says. As many as a dozen patches could be absent, the research found.
Even when updates were available, they might not be what they seem. “Sometimes these guys just change the date without installing any patches,” Nohl says. It looked at more than a dozen phone manufacturers, including Google, Samsung, HTC, Motorola, and ZTE.
Nohl says that last point is actually very uncommon, but welcomes more attention to the issue. There are a number of possible contributing factors, the research suggests, beyond just vendor.