Android phones are infamously slow to get updates as of Google’s last update in February, only 1.1 percent of Android users have access to the latest version of the software but apparently, the problems with Android’s software updates go deeper than that. Research firm Security Research Labs is claiming that numerous Android manufacturers are lying to users about missed security patches.SRL researchers Karsten Nohl and Jakob Lell spent two years analyzing Android devices, checking to see if the phones actually had installed the security patches that the software said it had. The pair found that many devices had what they call a “patch gap,” where the phone’s software would claim it was up to date with security patches but was, in reality, missing up to a dozen of the patches. The missed patches aren’t just an isolated incident, either. According to Wired, SRL tested firmware from 1,200 phones from companies like Google, Samsung, HTC, Motorola, ZTE, and TCL for every Android patch released last year. They found that even major flagships from Samsung and Sony occasionally missed a patch.Obviously, this is bad. Whether it’s intentional or not, customers aren’t just being left vulnerable to hacks by not having the latest security updates. They’re also being lulled into a false sense of security by thinking that they are fully protected, which could lead to far more disastrous results down the line. To help with that, SRL is releasing a tool called SnoopSnitch on the Play Store that can analyze your phone’s firmware for installed or missing Android security patches to see if you’re really safe, but it really shouldn’t have had to come to this in the first place.
To be clear, not all phone manufacturers are equal when it comes to missing security patches. On average, phones from Google, Samsung, and Sony only tended to miss the occasional patch. But companies like ZTE and TCL performed far worse, with devices that claimed to have installed an average of four or more security patches than they actually did.