
Study disproves some Android phone makers’ claims about fully up to date security patches

Security Research Labs (SRL) has just proved, through a two-year study conducted on more than 1,200 Android phones, that some Android phone makers claiming that their products have fully updated security patches are lying.

In a report published by, SRL researchers Karsten Nohl and Jakob Lell looked into phones from Google, Samsung, HTC, Motorola, ZTE, TCL, and others and discovered a “patch gap” after checking at the source-code level.

Such patch gaps are places in the code that should contain the updates, which were found to be missing in most devices.

Sony and Samsung devices were found to have 0-1 missing updates, while Xiaomi, OnePlus, and Nokia have as many as 3 missing patches. Meanwhile, up to 4 patches were found missing in Huawei, HTC, Motorola, and LG devices, and more than 4 in ZTE and TCL devices.

Nohl then advised manufacturers: “You should never make it any easier for the attacker by leaving open bugs that in your view don’t constitute a risk by themselves, but may be one of the pieces of someone else’s puzzle. Defense in depth means install all the patches.”
