Some Android manufacturers lie to customers about installing security updates

Your Android phone may not be as secure as you think it is. According to a recent report from German security firm Security Research Labs, which was first picked up by Wired, many Android manufacturers not only fail to keep up to date with Android security updates, but actually lie to customers by telling them that their device has the latest patch installed.

It’s troubling news. In recent years, it appeared Android manufacturers were getting better at ensuring that their devices are safe and up to date — but it seems that may not be the case after all.

The researchers — Karsten Nohl and Jakob Lell — spent two years analyzing Android devices and checking their code to see if the manufacturers had actually installed the updates, or if they were instead simply claiming that they were up to date. What they found was that many devices had what they called a “patch gap,” where the phone’s software claimed the phones were up to date, but the code proved that often dozens of patches had simply been skipped.

Even worse is the fact that the lying seems to be a pretty common practice. The team tested firmware from a hefty 1,200 phones from the likes of Google, Samsung, HTC, Motorola, ZTE, and TCL, and found that even major releases from massive companies like Samsung occasionally skipped a security patch.

Some manufacturers were worse than others. While the likes of Sony and Samsung only skipped one or no security updates, Xiaomi, OnePlus, and Nokia skipped up to three. HTC, Huawei, LG, and Motorola skipped up to four, and TCL and ZTE skipped more than four. Phones built by Google did not skip security updates. According to SRL, the skipped patches could also be related to the chipset used by the phone: phones with Samsung-built chips had very few skipped patches, while phones with MediaTek chipsets skipped a whopping 9.7 patches on average. This may be because bugs are found in the chip rather than the operating system, and the manufacturer then depends on the maker of the chipset to patch those bugs before a security update can be installed.

According to Google, which gave a statement to Wired for the report, one cause for the skipped updates could be that some devices are uncertified, meaning that they’re not held to the same security standard. On top of that, a patch could be skipped because a specific phone does not offer the feature that needs to be patched in the first place.

Of course, it really doesn’t matter why manufacturers are skipping updates — what matters is that even when updates are skipped, the software still claims that the phone is up to date when it isn’t. In reality, it’s still extremely hard to hack an Android phone, and there are plenty of other security measures in place to prevent an attack — but the fact is that smartphone manufacturers are lying.

Christian de Looper
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…