Publicado: Sol, Abril 15, 2018
Ciencia | Por Aurelio Ontiveros

Google might call the next version of Android, 'Popsicle'

Google might call the next version of Android, 'Popsicle'

One of the lowest performing brands were TCL and ZTE, all of whose phones had on average over four patches that they claimed to have installed, but had not.

The issue has bugged a large number of Android smartphone users that are actively on Google Music and Google has been notified of it more than 6 months ago.

Two well-known German researchers, Karsten Nohl and Jakob Lell of Berlin's Security Research Labs, plan to release a report today showing that many Android security updates are bogus. They have examined about 1,200 firmware samples taken from various smartphones which are sourced to various vendors.

Updates and security patches on Android have always been a serious issue. The duo focuses their investigation on patches for critical or high severity bugs which are released during the year 2017. "Now that monthly patches are an accepted baseline for many phones, it's time to ask for each monthly update to cover all relevant patches".

NOhl said in an interview on Thursday that, the patching problems that occur on smartphones can be blamed due to the complexity of the Android ecosystem and poor quality control. They found what they call a "patch gap": In many cases, certain vendors' phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen patches from that period-leaving phones vulnerable to a broad collection of known hacking techniques. The team's findings are the result of testing 1,200 Android handsets from all the major manufacturers over the course of two years, examining whether manufacturers had offered the security patches as advertised.

Trump gives his lawyer thumbs-up in Russia probe
Trump could also direct Rosenstein or a potential successor to take action against Mueller. Grassley, in some of the strongest comments from the caucus, said it would be "suicide".

While top-tier vendors such as Google, Sony, and Samsung miss no or very few patches, budget Chinese smartphone makers TCL and ZTE failed to install more than four, despite claiming to have fully updated devices, the researchers reported.

Google said it is investigating the claims and will push any vendor to bring their devices into compliance.

And while it may be that some of the updates are missed by accident, the researchers feel that some smartphone vendors are deliberately misleading their customers over the patch status.

In response, Security Research Labs has updated its SnoopSnitch app, where Android phone users can get an accurate breakdown of which security updates have and haven't been installed.

The company added that it was working with the research authors to improve detection mechanisms when a device uses an alternate patch as opposed to a Google-endorsed update.

Me gusta esto: