by Graham Pierrepoint
It’s hardly been the best of months for technology and new media, and with Facebook at front and center of a battle surrounding data that they had allowed to be shared with Cambridge Analytica, it seems that a new issue may be brewing in the world of handheld tech. Android smartphones can be manufactured and developed by third parties – such as Samsung, LG, or Sony Ericsson – and, according to recent research concluded and reported by Security Research Labs (SRL) in Germany, it seems that users of such phones may have been missing out on certain security updates and patches without even knowing it – and that manufacturers appear to be to blame.
It appears that there are some manufacturers and developers in play who have altered the dates of certain patch releases for Android users for reasons which are seemingly unknown at this stage – and while missing one or two security patches won’t necessarily render your handset open to all manner of attacks, the news that they may be getting skipped out on is still somewhat worrisome. Whether or not a patch or two which is missed is particularly essential is beyond the point – every patch or potential fix missed or delayed weakens a device’s performance and health little by little – not good news at all for those of us who may be using certain Android platforms on a regular basis.
“We found several vendors that didn’t install a single patch but changed the patch date forward by several months. That’s deliberate deception, and it’s not very common,” advised Karsten Nohl, head of SRL, to Wired this week. The matter of patch exploits still being open for attack through sophisticated hacking raises further eyebrows – of the millions of Android devices being used in the world right now – how many are at risk?
Google have, at least, made moves to speak out in line with SRL’s findings, via Android’s product security head, Scott Roberts. However, Roberts suggests that their findings may hint that alternative patches have been sought. “We’re working with (SRL) to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google-suggested security update.”
It remains a fairly complex conundrum – but for now, it goes without saying that Android users should continue to update and patch whenever possible.