There is a huge difference between the universe of Android smartphones and the Apple iPhone. While Apple is the single manufacturer of iPhones, dozens of manufacturers use the Android OS in their smartphones and tablets. These manufacturers frequently tweak the Android OS to provide unique features, looks, and other capabilities.
On the surface this may seem like a non-issue, but a report by Statista released 12/04/2018 shows that 65% of iPhones run the latest OS while only 1% of Android phones run the latest Android OS. Further, 4 out of 10 Android phones are running an OS that is three years old.
What does this mean for Android users? Security. Regular updates to any OS, program, or app are essential to provide the maximum level of security. Bad actors are constantly testing all three categories of software to find vulnerabilities they can exploit to meet their goals. Developers modify their code to correct or “patch” these “holes” and provide the fixes to their users.
Or at least that is what they should be doing. According to a study by the German firm Security Research Labs (SRL), Android device manufacturers have been lying to their customers, telling them they are receiving the latest patches and that their devices are at current security levels.
A Hacker News article provides more details about the issue. Google releases patches monthly but because of the customization described in the opening paragraphs of this post, many manufacturers cannot or do not update their customized versions of the Android OS in a timely manner. In some cases, they don’t patch it at all. According to Karsten Nohl from SRL,
"Sometimes these guys (the manufacturers) just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."
The SRL study looked at 1200 Android smartphones that supposedly had the latest security patches installed. These patches were for High Severity and Critical issues. Here are the results:
- 0-1 missed patches—Google, Sony, Samsung, Wiko Mobile
- 1-3 missed patches—Xiaomi, OnePlus, Nokia
- 3-4 missed patches—HTC, Huawei, LG, Motorola
- 4+ missed patches—TCL, ZTE
Google is acting to improve the situation, but it will take time. If you want to check the status of your Android device, SRL has developed an app called SnoopSnitch for this purpose.
CRIP.TO wants its customers to have the most secure communications possible. By combining its Shield app (yes, it is Android, but it is highly secure) and Black hardware device, customers have the highest level of security, privacy, and anonymity available regardless of the security state of their Android device. If a bad actor intercepts a communication, they will not be able to decrypt it.
Even so, always make sure you patch all your software and use all available tools like SnoopSnitch to check your security status.
CRIP.TO, dedicated to giving our customers the freedom to communicate fearlessly.