Android phones lacking a few security updates are still more secure than your average Windows machine, a security researcher and the co-author of a study says.
The statement comes after a study by Security Research Labs (SRL), which found that many Android brands were far behind on updates. The study, first reported by Wired, also found that some vendors were lying about the last applied update.
The researchers discovered that ZTE and TCL were the worst offenders when it came to dubious claims of being up-to-date.
“Most patching gaps are probably the result of genuine difficulties to keep track of all necessary patches in Android, the Linux kernel, the chipset, and hardware drivers,” SRL founder and study co-author Karsten Nohl told Android Authority in an email. “Only in (a) few cases have we caught vendors simply stating wrong patch dates, and even less so recently.”
SRL has updated its SnoopSnitch app to show authentic patch information for your phone, and will issue a bug-squashing release at the end of the week, Nohl explains.
Missing security updates might not hurt
Aside from downloading the app, what else can consumers do if they don’t have the latest security updates?
“Single missing patches are not by themselves a cause for concern, since most Android hacks require a chain of multiple bugs,” Nohl elaborates. “If the patch gap is very large, a security-conscious user may want to switch to a better-patched phone.”
Nevertheless, the SRL founder reckons that Android device owners can take solace in the security measures on their phone.
“We have not seen any large-scale hacking attacks on Android, and hopefully never will. Each phone has a number of security barriers and each missing patch usually affects only one of them. Consumers can take comfort in the thought that an Android phone with a few patch gaps is still more secure than the average Windows computer.”
The sheer number of phone models means it’s no surprise that vendors are struggling to maintain updates, Nohl notes. “Simplification of the model jungle is a prerequisite for gap-free patching in my opinion.”
If you’ve got a super-old or ultra-budget Android device that hasn’t received security updates in a long time, you’re looking at more than a few patch gaps. So you probably want to upgrade your phone or enable more security options.