TechAdvisory.org

Technology Advice for Small Businesses

Android phones miss vital security patches

Android manufacturers routinely update their products with the latest security patches to keep users safe from all manner of threats. Or so they would have you believe. According to recent reports, Android phone manufacturers may have accidentally missed a few critical patches. Here’s everything you need to know.

Missed patches
Every month, Google rolls out a new batch of Android bug fixes and critical security updates. These patches are available to Google Pixel phones almost immediately, but many third-party manufacturers are often months behind. When it does arrive, you should theoretically be protected from every recently discovered threat.

After extensively researching 1,200 different smartphones, however, Karsten Nohl and Jakob Lell of Security Research Labs discovered that even though certain phones were considered “up to date,” they didn’t have all the bug fixes and security updates listed on the patch notes. In other words, smartphone vendors often missed important patches.

The study found that, on average, Sony, Samsung, and Google occasionally missed a patch but were generally more secure than other vendors like Nokia, Motorola, HTC, LG, and Huawei that skipped several important updates.

According to manufacturers, these missed updates are purely accidental. Since there are so many updates to install every month, manufacturers can easily lose track and may even skip quality control checks just to keep up.

But as we’ve seen time and again, small accidents can lead to massive-scale breaches. Unlike most Android consumers, who usually don’t think twice about the updates they’re installing, hackers always read patch notes and attempt to find weaknesses to exploit.

The solution
Fortunately, Security Research Labs released SnoopSnitch, a firmware analysis app that checks whether your Android phone is missing any security patches. If your phone model did miss a few patches, the app will record the data and send it to the device manufacturer so they can create a fix as soon as possible.

Experts also say that users shouldn’t panic if they notice a missing patch and there are no updates available from their device manufacturer. Good security practices like avoiding suspicious emails and software from the Play Store will generally keep you safe from a wide array of attacks. What’s more, you should enable multi-factor authentication (using both a passcode and biometric scan to access your device) whenever possible to prevent account hijacking.

On Google’s end, they’re working on streamlining the patching process for manufacturers and creating even stronger security measures that will prevent hackers from gaining a foothold into your device.

Nevertheless, you should still update your Android devices as soon as they become available if you want to avoid a disastrous breach. And if you feel overwhelmed with managing security patches, don’t worry! Just call us today and we’ll help you out.