Android security: Your phone’s patch level says you’re up to date, but that may be a lie

Google has spent the past two years building momentum behind its Android monthly patch level system, but a study has found critical patches that should be on devices displaying a patch level aren’t actually present. The ‘hidden patch gap‘ in Android devices was discovered by researchers Karsten Nohl and Jakob Lell of German security firm Security Research Labs.

The pair are presenting the results of their two-year analysis of 1,200 Android phones today at the Hack in the Box conference in Amsterdam. The results, shared with Wired, show that some popular Android devices are missing as many as a dozen patches that users would expect to be there, based on the patch level string displayed in settings in date format. Google introduced the monthly Android updates in 2016.

Read more about the findings of the study into missed security updates that casts doubt on Google’s Android patch level system on ZDNet.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here