Android phone makers skip Google security updates without telling users, researchers say

“Android smartphone manufacturers are skipping security patches without notifying users, instead claiming their smartphone’s software is up to date with Google’s monthly security releases, researchers say,” Samuel Gibbs reports for The Guardian. “Researchers from Germany’s Security Research Labs (SRL) conducted a two-year study into the state of Android security focused around the monthly updates that Google issues and urges smartphone manufacturers to install.”

“These monthly updates are crucial for keeping smartphones secure, fixing collections of known bugs and holes each month to keep hackers at bay. But the researchers found there is often a hidden ‘patch gap’ between what the manufacturers tell the users and what they actually do to the software – some simply tell people they have updated the phones without actually patching anything,” Gibbs reports. “In the findings due to be presented at the Hack in the Box security conference in Amsterdam on Friday, the researchers said of the 1,200 smartphones tested, some manufacturers may miss one or two patches from the monthly security updates, but others may miss many more.”

“Failing to update their smartphones with the latest security updates is one thing, but SRL found that some simply lie about installing any patches at all,” Gibbs reports. “SRL found that of the major smartphone manufacturers, Google, Sony and Samsung performed the best, missing up to one patch, OnePlus and Nokia missed between one and three patches, HTC, Huawei, LG and Motorola missed three to four patches, while Chinese manufacturers TCL and ZTE missed more than four.”

Read more in the full article here.

MacDailyNews Take: You skip/miss one patch, you might as well skip/miss them all, especially when mired in the toxic hellstew of vulnerabilities they call Android.

If it’s not an iPhone, it’s not an iPhone.

Android malware found inside apps downloaded from Google Play has infected at least a million users – March 26, 2018
Facebook has been collecting call history and SMS data from Android devices for years; Apple iOS devices unaffected – March 25, 2018
New Android malware records ambient audio, fires off premium-rate texts, and harvests files, photos, contacts, and more – March 2, 2018
Android malware apps with over 1 million downloads slip past Google Play defenses – twice! – September 14, 2017
How to upgrade from Android to a real Apple iPhone – August 21, 2017
Video: Apple CEO Tim Cook speaks at Cisco Live, blasts Android’s shoddy security – June 26, 2017
Security expert: There are several reasons why Apple iPhones are more secure than Android phones – May 31, 2017
Russian hacker gang robbed Russian banks with over one million hacked Android phones – May 22, 2017
36 widely-used Android devices ship with malware preinstalled – March 14, 2017
The cost of free: More than one million Google Android devices hit by malware – November 30, 2016
Secret backdoor in U.S. Android phones sent location, text, contact data to China – November 15, 2016
Google’s Android platform has a serious flaw – August 23, 2016
Poor man’s iPhone: Android on the decline – February 26, 2015
Study: iPhone users are smarter and richer than those who settle for Android phones – January 22, 2015
Why Android users can’t have the nicest things – January 5, 2015
iPhone users earn significantly more than those who settle for Android phones – October 8, 2014
Yet more proof that Android is for poor people – June 27, 2014
More proof that Android is for poor people – May 13, 2014
Android users poorer, shorter, unhealthier, less educated, far less charitable than Apple iPhone users – November 13, 2013
IDC data shows two thirds of Android’s 81% smartphone share are cheap junk phones – November 13, 2013
CIRP: Apple iPhone users are younger, richer, and better educated than those who settle for Samsung knockoff phones – August 19, 2013

[Thanks to MacDailyNews Readers “Fred Mertz” and “Markus” for the heads up.]


  1. I have warned dozens of Android users about malware and OS’s failing to be updated and now we have ‘phoney’ updates.

    And still, those users won’t care.

    I’ll tell you who DOES care. US teens, from the last article I saw, were something like 93% on iPhones. They know.

  2. ““SRL found that of the major smartphone manufacturers, Google, Sony and Samsung performed the best, missing up to one patch”
    Google missed their own patches?

      1. In time, it’s reasonable to think security will be the number #1 “feature” that sells a product. It’s reason enough to buy Apple now and I hope the company goes to greater lengths to fortify and it becomes common knowledge the feature is the idiot’s NOT to embrace.

    1. Not sure why there was no ‘Zero’ category other than the author attempting to infer that since 100% of phones for a given OEM was not checked, it was better to error on the safe side and leave the possibility that a patch was missed in the ‘0 to 1’ category. It is also possible that carriers may have been a bottleneck for certain patches.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.