Most non-Google Android phone makers (except for Sony) were once bad at keeping up with security patches. For J5 customers, those who checked the status of their devices' security were aware of which patches were installed and which were not. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone.
The patch gap issue is not an isolated case. They found out that many Android phone vendors fail to make patches available to their users, or delay their release for months. Sony and Samsung devices were found to have only skipped 0-1 security update. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo's Motorola, TCL and ZTE have got the problem to roll out the updates. The devices which use the processors from Taiwan's MediaTek miss out 9.7 patches from their phones. One of the lowest performing brands were TCL and ZTE, all of whose phones had on average over four patches that they claimed to have installed, but had not. On many occasions, it was found that the OEMs were hiding as many as a dozen missed patches.
Conversely, SRL also found that Samsung's mid-range J5 device contained all the advertised security patches. The vendor has to primarily depend on the chipmaker to offer a security patch and not the OS. After the release of an update, chipset makers adjust the updates as per their requirements and then pushes it to smartphone manufacturers.
The company has moved towards encrypting all data that leave and enter Android devices with the industry-standard Transport Layer Security (TLS) protocol, and is further tightening the requirements in Android P, which is now in developer preview.
One of the interesting revelations from the research is that even major vendors such as Xiaomi and Nokia (which promise swifter updates) had on an average between one and three missing patches, whereas HTC, Motorola, and LG had missed between three and four patches.
Nohl agrees that exploiting Android vulnerabilities remains hard due to these security layers and points out an easier and more common route to compromising Android devices is through the use of malicious apps - either inside Google Play or outside the store. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.
OH teen trapped in van dies despite pleas to 911
Plush said several times he was "at Seven Hills", though the operator apparently did not hear clearly or understand what he meant. The recordings of Kyle's desperate calls have prompted the Cincinnati Police Department to launch an investigation.
More African athletes missing from Commonwealth Games
They are here on a temporary activity visa and are free to travel around the country until it expires in early May. This comes days after eight Cameroonian athletes went missing at the games, raising concern from the organizers.
Trump amps up Amazon fight with an executive order
Postal Service firm model, a movement that came amid criticism of Amazon and its particular operator Jeff Bezos . President donaldtrump late Thursday signed an executive order creating a task force to examine the U.S.