According to the firm, certain OEMs skipped almost a dozen patches. Given how many Android phones are in use and how many vendors were not applying patches as regularly as Google intended, a likely large number of users continued to use phones that were not up to date and were not protected against the then-current security risks those patches were meant to address.
Security researchers have released a study on Android smartphone manufacturers and security updates for their phones, The Verge reported.
So, if you are wondering about the security of your smartphone or want to check on the patch you received last, then here is an app for that as well. That can mean frustration for those waiting for the latest and greatest feature updates - and in some cases, it can put your phone at risk with delayed or missed security updates.
The list includes major Android phone makers like Google, Samsung, Xiaomi, OnePlus, Sony, LG, Huawei, Nokia, Motorola, HTC, ZTE and TCL. Here, I'm talking about regular updates and security patches. In a practical scenario, when you find that your device's firmware is fully updated, you get a false sense of security.
Several manufacturers have been pretending to stay on par with the latest updates without pushing any actual update. The manufacturers have allegedly been found to be lying to consumers about missed security patches.
These smartphone makers have created a false sense of security among their users. "We found several vendors that didn't install a single patch but changed the patch date forward by several months".
On the user's part, it's nearly impossible to know which patches are missing and which are actually installed.
With Android P, "all traffic should be encrypted, regardless of content, as any unencrypted connections can be used to inject content, increase attack surface for potentially vulnerable client code, or track the user", Android security engineer Chad Brubaker wrote.
Missing multiple patches can leave a series of vulnerabilities in a phone's software. Randomization alters the location of a program in memory, and sandboxing limits access to the rest of the device.
Phones with Samsung processors skipped few patches, while models using MediaTek chips missed nearly 10 patches on average. Manufacturers like TCL and ZTE skipped more than four. What the researchers discovered is something they refer to as a "patch gap". The vendor has to depend primarily on the chipmaker, not the OS, to offer a security patch. On the OnePlus 5T, on the other hand, the test result was inconclusive for 5 patches, but the handset has not missed any patch.