Connect with us

Hi, what are you looking for?


Android Phone Makers Enhance Patching Practices

Android Phone Makers Enhance Patching Practices


Android smartphone producers have considerably improved their patching hygiene over the previous couple of years, a brand new report from Safety Analysis Labs reveals.

Beginning in 2015, after the Stagefright vulnerability was disclosed, Google has been releasing new safety fixes for the Android working system on a month-to-month foundation, urging distributors to overview and combine these into software program updates for his or her gadgets.

In 2018, Germany-based Safety Analysis Labs revealed that Android distributors had been repeatedly omitting patches in safety updates launched to their customers, thus leaving them uncovered to sure assaults.

Since then, nonetheless, the ecosystem has seen enhancements by way of repeatedly delivered patches, with some distributors releasing fixes to their customers a lot sooner than earlier than.

“We discovered that on common, for official firmwares launched in 2019 missed solely about half as many patches as comparable firmwares launched in 2018,” the safety agency says.

Month-to-month safety updates are being built-in into firmware builds 15% sooner than in 2018. Final yr, 90% of distinctive firmware builds for main Android distributors arrived inside 38 days of Google’s safety patches.

Distributors additionally improved their patching processes, with the speed of missed patches dropping beneath 0.3 (from 0.7 in 2018).

Nevertheless, the Android ecosystem continues to change into extra fragmented: a number of Android variations are supported on the identical time, and unsupported end-of-life variations proceed to be broadly used.

Solely 30% of the noticed gadgets had been working Android 9 or newer in 2019, 40% had been working Android 8, and 30% had been working Android 7.

“General, we discover that distributors are inclined to patch their most generally deployed Android variations sooner than less-widely deployed variations. Much less broadly deployed variations, even when more moderen, had been extra prone to see delayed updates or missed patches,” the safety agency says.

Distributors akin to Nokia and Google ship patches exceptionally quick, with newer Android variations constructed days and even weeks earlier than the general public Android Safety Bulletin is posted, as a result of distributors get entry to the data one month prematurely.

These distributors that use vanilla Android on their gadgets, fairly than extremely personalized variations, ship patches sooner and with much less effort. Furthermore, they’ve fewer gadgets to push patches to, additional streamlining the method in comparison with these which have a lot of gadgets to take care of.

Over time, most main distributors have made enhancements to the patching of recent Android variations, with the vast majority of firmware for supported Android variations being patched lately. Distributors have improved each patching accuracy and pace, the safety agency says.

“The remaining patch hole seems come up from the complexity of the ecosystem and the variety of Android variations that should be supported by every vendor,” Safety Analysis Labs says.

Android Phone Makers Enhance Patching Practices

Associated: Google Patches Crucial RCE Vulnerabilities in Android’s System Element

Associated: Google Patches Crucial Remotely Exploitable Android Bug

Associated: Android Distributors Often Omit Patches in Safety Updates

Android Phone Makers Enhance Patching Practices
Android Phone Makers Enhance Patching Practices
Android Phone Makers Enhance Patching Practices

Ionut Arghire is a global correspondent for SecurityWeek.

Earlier Columns by Ionut Arghire:
Android Phone Makers Enhance Patching PracticesTags:

american mobile brands,world no 1 mobile company 2020,chinese phone brands,indian smartphone company

You May Also Like


The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of...


On Thursday, April 23rd, 2020, Canonical Ltd, the makers of Ubuntu Linux distribution officially released the long-awaited Ubuntu 20.04 version code-named “Focal Fossa”, it...


As the robot process automation (RPA) market becomes more and more dynamic, more and more companies are trying to integrate RPA into their business...


Virtual Machine Manager is one of the best hypervisors available for the Linux desktop. This is well-designed and well-functioning QEMU/KVM virtualization software that takes...