Electronics

How to find out how 'safe/unsafe' your Android smartphone is

How to find out how 'safe/unsafe' your Android smartphone is

This is the claim from Germany's Security Research Labs (SRL), after its researchers conducted a two-year study into the state of Android security, focused around the monthly updates that Google issues. After putting all the available vendors under grueling tests, the outcome blamed Chinese smartphone maker TCL and ZTE to majorly missing on security updates, with the top score of 4 patches. And as vendors chalk up security points for non-existent patches, end users are left with a false sense of security. Thankfully, there's an app called "SnoopSnitch" that allows you to check if your phone is running the security patches that the phone claims to be running...

Some Android vendors are purposefully lying about the latest security update on their phones. Overall, they identified a so-called "patch gap".

Ever since, it has been pushing the industry to adopt the regular updates as part of an effort to clean up Android's image and improve security.

Bayern Munich confirm Kovac will replace Heynckes as coach
The current Eintracht Frankfurt boss will replace Heynckes in the summer, and has signed a three-year deal at the Allianz Arena. A host of top coaches have been linked with the Bayern job.

SRL tested 1,200 devices from over a dozen Android smartphone makers and found that Google smartphones were the only ones that contained all the security patches that were advertized in software updates released in 2017. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data. In some cases, these chipsets were found to include bugs and as a result, vendors had to rely on chipset makers to roll out patches before implementing OS software updates. Unfortunately, it looks like many manufacturers are doing a poor job of it, with security researchers this week saying that many vendors simply skip patches and tell users that they are up to date. Presenting the results of SRLs finding at a security conference, researcher Karsten Nohl said, "We found several vendors that didn't install a single patch but changed the patch date forward by several months". Other manufacturers like Xiaomi, OnePlus, and Nokia skipped between one and three security updates, on average. And some patches may have been missed, says Google, because the manufacturer removed the offending feature instead of fixing it with the patch. Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them.

The Google Pixel 2 XL running on the first Android P Developer Preview with March 2018 Security Patches. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.