Skip to main content

Some Android manufacturers lie to customers about installing security updates

Your Android phone may not be as secure as you think it is. According to a recent report from German security firm Security Research Labs, which was first picked up by Wired, not only do many Android manufacturers not always keep up to date with Android security updates, but they actually lie to customers by telling them that their device has the latest patch installed.

It’s troubling news. In recent years, it appeared Android manufacturers were getting better at ensuring that their devices are safe and up to date — but it seems that may not be the case after all.

The researchers — Karsten Nohl and Jakob Lell — spent two years analyzing Android devices and checking their code to see if the manufacturers had actually installed the updates, or if they were instead simply claiming that they were up to date. What they found was that many devices had what they called a “patch gap,” where the phone’s software claimed the phones were up to date, but the code proved that often dozens of patches had simply been skipped.

Even worse is the fact that the lying seems to be a pretty common practice. The team tested firmware from a hefty 1,200 phones from the likes of Google, Samsung, HTC, Motorola, ZTE, and TCL, and found that even major releases from massive companies like Samsung occasionally skipped a security patch.

Some manufacturers were worse than others. While the likes of Sony and Samsung only skipped one or no security updates, Xiaomi, OnePlus, and Nokia skipped up to three. HTC, Huawei, LG, and Motorola skipped up to four, and TCL and ZTE skipped more than four. Phones built by Google did not skip security updates. According to SRL, the skipped patches could also be related to the chipset used by the phone. According to the company, phones with Samsung-built chips had very few skipped patches, while phones with MediaTek chipsets skipped a whopping 9.7 patches on average. This may be because bugs are found in the chip rather than the operating system, and the manufacturer then depends on the maker of the chipset to patch those bugs before a security update can be installed.

According to Google, which gave a statement to Wired for the report, one cause for the skipped updates could be that some devices are uncertified, meaning that they’re not held to the same security standard. On top of that, skipping patches could be because of a specific phone not offering the feature that needs to be patched in the first place.

Of course, it really doesn’t matter why manufacturers are skipping updates — what matters is that even when updates are skipped, the software still claims that the phone is up to date when it isn’t. In reality, it’s still extremely hard to hack an Android phone, and there are plenty of other security measures in place to prevent an attack — but the fact is that smartphone manufacturers are lying.

Editors' Recommendations

Christian de Looper
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
A new Android 15 update just launched. Here’s everything that’s new
Android 15 logo on a Google Pixel 8.

Less than a month ago, Google formally announced Android 15 and released the first developer preview for the software update. Now, Google is rolling out Android 15 Developer Preview 2 — and with it — a few new features that weren't in Developer Preview 1.

So, what's new in this second developer preview? Here are the biggest things to keep an eye out for.
New satellite connectivity features

Read more
Qualcomm is about to make cheap Android phones better than ever
Qualcomm Snapdragon 8s Gen 3 render.

Qualcomm is adding a new top-tier mobile chipset to its portfolio — one that takes the best bits of its flagship Snapdragon 8 Gen 3 silicon, makes some concessions, and serves it all up in a more affordable package. The result of those efforts is the Snapdragon 8s Gen 3, which is slated to appear inside phones from Xiaomi and Honor in the coming month.

Qualcomm is once again pushing generative AI capabilities for its latest silicon, touting features like image expansion, support for AI models from the likes of Meta to create an intelligent on-device assistant, and readiness for Google’s Gemini Nano model. So far, these things have remained exclusive to Google's Pixel and Samsung flagships, but it appears that the Snapdragon 8s Gen 3 will finally bring them to a larger audience.

Read more
The 1Password Android app just got a huge upgrade
The 1Password Android app, side-by-side, showing the light and dark mode.

The 1Password password manager app for Android has just gotten a huge new update, which unlocks the use of passkeys through its app. Held by many as the future of secure authentication, passkeys are the next evolution of the password, and from today, you'll be able to use 1Password to create, manage, and unlock your accounts that use passkey authentication.

1Password is one of the world's most popular password managers, with over 700,000 passwords saved. But it clearly sees that the future is elsewhere, as it has been leading the charge on taking passkeys into the mainstream.

Read more