According to a research from Karsten Nohl and Jakob Lell at Security Research Labs in Berlin, many Android vendors makes false claims of updating their smartphones on a routine basis.
Even more alarming than the number of missed patches is that Security Research Labs states that some vendors weren't just foregoing the patch updates, but going so far as to actively alter the date and version number of the patch to show as if the security update was applied even when it really wasn't.
Sometimes the gap is attributed by researchers to human error: there would be no other reason for manufacturers like Sony or Samsung to miss only some of the patches instead of others. Bringing up the rear are ZTE and TCL, whose phones on average have missed more than four Android security patches.
The patch gap issue is not an isolated case. Though Google publishes updates monthly, device manufacturers are often late to deliver security updates by months at a time. Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it's been an uphill battle.
When it comes to the consumer, it gets hard to identify if their device has been actually receiving the security update or not.
The core issue seems to be that vendors aren't just neglecting security patches, but they are actively telling users that they have patches installed that aren't present in the firmware: "We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl added.
NBA announcer suspended for 'cotton-picking' comment during basketball game
I offer my honest apology and realize that, while I committed a lapse in judgment, such mistakes come with consequences. Its origins are traced back to slavery in the southern United States, when black slaves were forced to harvest cotton.
SRL found that Samsung's budget J3 smartphone claimed to have every security patch from 2017 installed, but it was actually missing 12 of the patches released during that year. "The lesson is that if you go for a cheaper device, you end up in a less well maintained part to this ecosystem", said Nohl. HTC, Huawei, LG and Motorola missed between 3-4 patches whereas TCL and ZTE missed more than 4 patches.
Every now and then Android comes with its new updates or patches that is said to secure your smartphone.
Indeed, Google is the source of Android's security patches.
Scott Roberts, Android's product security lead also noted that security patches are only one level of protection built into Android devices.
In other cases, where upwards of a dozen updates were missed, the blame could fall on chipset manufacturers.
Currently, Google is working with the researchers at SRL to dig deeper into the research findings.
Over 1200 random devices were tested, and several devices were found to be lacking multiple security updates, which is critical for the phone's security, making it vulnerable to multiple hacks.