Some Android OEMs discovered to be lying about security patches [Update]

Hide your keys, hide your phone
Hide your keys, hide your phone (Image credit: Android Central)

Update, April 13: Google has given the following statement to the Verge:

We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem. We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update. Security updates are one of many layers used to protect Android devices and users. Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important. These layers of security—combined with the tremendous diversity of the Android ecosystem—contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging.

Missed patches certainly make your phone more vulnerable compared to those that are up-to-date, but even so, that doesn't mean you're entirely unprotected. Monthly patches definitely help, but there are general measures in place to ensure that all Android phones have some level of enhanced security.

Once a month, Google updates the Android Security Bulletin and releases new monthly patches to fix vulnerabilities and bugs as soon as they pop up. It's no secret that many OEMs are slow to update their hardware with said patches, but it's now been discovered that some of them claim to have updated their phones when, in fact, nothing's changed at all.

This revelation was made by Karsten Nohl and Jakob Lell from Security Research Labs, and their findings were recently presented at this year's Hack in the Box security conference in Amsterdam. Nohl and Lell examined the software of 1200 Android phones from Google, Samsung, OnePlus, ZTE, and others, and upon doing so, found that some of these companies change the security patch appearance when updating their phones without actually installing them.

Samsung's Galaxy J3 from 2016 claimed to have 12 patches that simply weren't installed on the phone.

Some of the missed patches are expected to be made on accident, but Nohl and Lell came across certain phones where things just didn't add up. For example, while Samsung's Galaxy J5 from 2016 accurately listed the patches it had, the J3 from the same year appeared to have every single patch since 2017 despite missing 12 of them.

The research also revealed that the type of processor used in a phone can have an impact on whether or not it gets updated with a security patch. Devices with Samsung's Exynos chips were found to have very few skipped patches, whereas those with MediaTek ones averaged out with 9.7 missing patches.

After running through all of the phones in their testing, Nohl and Lell created a chart outlining how many patches OEMs missed but still claimed to have installed. Companies like Sony and Samsung only missed between 0 and 1, but TCL and ZTE were found to be skipping 4 or more.

  • 0-1 missed patches (Google, Sony, Samsung, Wiko)
  • 1-3 missed patches (Xiaomi, OnePlus, Nokia)
  • 3-4 missed patches (HTC, Huawei, LG, Motorola)
  • 4+ missed patches (TCL, ZTE)

Shortly after these findings were announced, Google said that it'd be launching investigations into each of the guilty OEMs to find out what exactly's going on and why users are being lied to about which patches they do and don't have.

Even with that said, what's your take on this? Are you surprised by the news, and will this have an impact on the phones you buy going forward? Sound off in the comments below.

Why I'm still using a BlackBerry KEYone in Spring 2018

Joe Maring

Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.

  • They should add to that list BLU. My old BLU Life XL has never received any sort of patch when I bought it in March 2016.
  • Not really the point of the article.
  • Because it's a BLU...
  • The point is that phones are saying "You're running the Feb patch" but in actuality, they aren't. The text is being updated, but the patch isn't being applied.
  • I find this more shocking than my data being used by Facebook, Google ect.
    I wonder if anyone who has been misled about their security updates have been hacked?
    And if so is there a case for compensation?
  • I find it shocking people post their most personal and intimate feelings, thoughts, activities on Facebook to complete strangers and ***** about privacy. Now if someone went through the privacy settings and thought they should be good to go and Facebook did not adhere, that is a different story. Someone correct me if I'm wrong, Facebook has done nothing ilegal here.
  • Never put online what you wouldn't want your boss and family to see.
    I don't really have a problem with my data being shared I don't usually read the T&C anyway.
    But I'm very shocked both Facebook and Google as well as many others have been so nieve in their actions. I doubt ether have done anything illegal but loosing trust could cost them far more than what they got for the data.
  • You are correct. Nothing illegal
  • My privacy settings seem to have blocked data scrape. My FB page is only viewable by my friends, and app settings are there to prevent third party apps.
  • How cute. You think you have privacy on Facebook.
  • Exactly, Facebook and privacy are not two words I would use in the same post.
  • "Samsung's Galaxy J3 from 2016 claimed to have 12 patches that simply weren't installed on the phone." Wow I won't be surprised if this was from a no name Chinese company but Samsung, that's really bad.
  • mediatek processor that's why
  • More often, Nohl believes, companies like Sony or Samsung would miss a patch or two by accident. But in other cases, the results were harder to explain: SRL found that one Samsung phone, the 2016 J5, was perfectly honest about telling the user which patches it had installed and which it still lacked, while Samsung's 2016 J3 claimed to have every Android patch issued in 2017 but lacked 12 of them—two considered as "critical" for the phone's security.
  • Why are they (Samsung) not in the 4+ category? J3 is a Samsung phone missing 12 patches.
  • I'm assuming that those listings are an average over all tested devices from that particular OEM. This would mean the 2016 J3 is an outlier in Samsung's generally honest lineup.
  • That makes it all ok then.
  • I love the "generally honest lineup". Bahahaha.
  • I've never used a low-end device, but stuff like this is what eventually will make me switch to an iPhone. And God knows how much I dislike 'em. My S8 plus is running like a champ, so I'll use it for this year, but if the iPhone 10s are compelling enough I might just switch. The thing is that in my country Samsung phones have very good deals when launched. Paid about $480 for my wife's Note 8 on day one, hard to leave them.
  • What about a Pixel...?
  • Have not receiving any patches changed any way you use a phone ?
  • With every new update on my work iPhone makes me like it a little bit more. For every new feature there's always a shedload of new bugs.
  • JFS, You would be making the right choice. Yep its boring, but it's secure, fast, smooth and premium.
  • Yep As an old hobbyist programmer, security updates had always been a priority. The users that I have seen, worked for, are ultimately naive about manually checking and maintaining their devices, including security updates. They ultimately - naively - leave it to more knowledgeable people and trust them to have integrity about that manner. To my understanding - when you buy a mobile phone, you relinquish all responsibility from the OEMs regarding your data etc. Now it is up to the 'user' to be knowledgeable and make the correct decision(s) in protecting their identity and data... Look at Facebook and their users granting those permissions (and having bloatware installed as system files which can update outside of Google Play)... Big companies are not stupid - they harvest data and use it to their advantage. That's why I bought the Pixel 2 XL. The only other option for me would be to go to Apple... Androids user base wanted - free apps - which is advertisement driven. Be careful what you wish for...
  • My point exactly, I was an iPhone user until January (I was fed up with Apples BS and restrictive and locked down and overpriced iPhone and now love Android and the freedom, customisation and flexibility and I'm never going back to Apple) ) I"m currently using a cheap Chinese phone (Leagoo M9) and it's not secure I already had to factory reset it to get rid of malware or rather adware apps that kept on reinstalling themselves and I've long since decided once my financial situation is sorted, I'm going to get a Pixel 2 XL (Panda version) because as this scandal had proved, you can only trust Google and Pixel devices if you want a truly secure Android phone.
  • paid google troll.
    1. Hate on apple for no reason. talk about over pricing even tho they offer $349 phones. ($600 cheaper than the XL) and 10X better than a malware infested Leagoo M9...
    could buy a 256GB iPhone 8 plus (double storage) for same price as XL
    2. Brag about a phone that you've never even touched.
  • Pixel 2 XL is better than both the overpriced and iPhone 8 Plus and Leagoo M9 which you can't really compare as it's a budget Chinese Android phone. At least with the Pixel 2 XL you get unlimited online Google storage and is cheaper than the 8 Plus (Apple just want your money and the iCloud storage plans aren't worth it) and I managed just fine with 128GB on my old iPhone 6s Plus before I sold it and switched back Android for good, I have no regrets except for the awful experience with the Leagoo M9, can't wait for the day I finally get a Pixel 2 XL.
  • జ్ఞ‌ా జ్ఞ‌ా జ్ఞ‌ా IOS loves the nuclear Telugu జ్ఞ‌ా జ్ఞ‌ా జ్ఞ‌ా
  • Am at least convinced that Samsung does a good job with their flagships... They possibly mess with the anything below the S & Note series
  • look at the original article by wired where they show a chart explaining which OEM missed more security patches! Samsung, Sony, and Google had the least missed security patches while HTC, Motorola, LG, Huawei, Xiaomi, ZTE, etc missed more security patches! Actually Samsung updates some of their midrange and budget phones faster at times like the j series for example
  • Did you not see that the article specifically pointed out the j series had tons of fake security updates?
  • Of course he/she did Andrew. but that does not matter.
  • I couldn't care less about this.
    In fact, I couldn't care less about the monthly placebo updates. I live quite well without them.
    I rather the software on my phones does what I want it to do, than to have "always the latest update" but not being able to do basic things like, let's see, have a system-wide black theme.
  • I haven't a clue if the security updates are really important or not.
    I've never known anyone to have their phone hacked but I would really not like to find out the hard way.
    What part of the security updates stop black themes?
    I have updates and download a black theme app. Seems to work ok...
  • March security update breaks Substratum for example.
    At any rate, my point was: I don't care for monthly placebo updates. I only care for updates that enhance my experience when using the phone. Updates that are nothing but a nuisance, I pass. And these monthly placebo updates are that. A nuisance.
  • I use substratum themes on my Nexus 6p and essential phone. Both on the April security patch
  • They're both not rooted or anything
  • Then I'm pretty sure you now have to download the overlays, restart the phone, then disable the overlays and re-enable them for them to work. And if you reboot your phone, they're all removed and you have to re-do the process again. Whereas before Google's c*nt move, you just opened Substratum, updated the overlays and be done with it. And rebooting wouldn't affect it. Don't you even try to make excuses for Google on this, mate.
  • You should care about security. This has nothing to do with the latest and greatest features. This is specifically about security updates that occur monthly.
  • I do care about security. Which is why I take the precaution of not using my phone for anything that ACTUALLY might present a security risk for me (I don't do banking on apps or browser, I use a dedicated credit card with very very limited credit with my Google account, I use 2FA everywhere I can and secure passwords, I do NOT use cloud services to upload personal photos, etc). And I couldn't care less for monthly placebo updates because that's what Google's monthly updates are. Most of the time all they do is break things you enjoy (like Substratum) for no reason whatsoever other than them being c*nts and pretending they're "securing" somethig.
  • So you are a security researcher and have reviewed the exploits that are being patched and have been unable to replicate them? Or are you just overly fond of the word "placebo"?
  • he's just a hater that trolls all of the mobile nations sites. he hates everything, including phones and now, security...
    i'd much rather have viruses and malware than the latest patch too... /s
  • If caring more that the phones do what I want them to do instead of being a paranoid idiot like you, makes me a hater, then sure. As you might imagine, your opinion on me matters so much as the results of my neighbour's dog digestive system.
  • Placebo updates because they don't fix any glaring security issues reported OR that have actually caused any problems.
    And since Google doesn't disclose which security problems they actually fixed, I don't have to believe them when they have proven themselves over and over again as deceitful c*nts.
  • Substratum is not broken for me. Worked after the March security patch and is working on the April security patch. Sounds like user error.
  • Sounds like you never used it before the March update. Go see my reply above to understand why you're wrong.
  • So if I understand you right... Since you don't use your phone like many other people do Google should stop releasing security updates because they are a nuisance to you and they break your dark theme on your phone... Hmmm interesting.
  • No. Google should, on the other hand, don't be bunch of c*nts and break things users enjoy over proven FAKE security concerns. Quite different. I don't give a sh*t about monthly updates. I don't care if OEMs release them or not. But when these updates come and break things for NO REASON, well THEN I do care.
    Also, if you think normal consumers care about these updates and don't consider them a nuisance, you should spend more time in the real world.
  • Not surprising in the slightest, I suspected this was the case anyway. Not that it isn't totally unacceptable, but what else can we expect?
  • I am a bit confused. First you say "the J3 from the same year appeared to have every single patch since 2017 despite missing 12 of them." But then you say "0-1 missed patches (Google, Sony, Samsung, Wiko)" Can you clarify?
  • The AC article is lacking details, definitely would suggest reading the full article over at WIRED. Should help explain that data set better.
  • The J3 is running a MediaTek processor. This might be the point that was trying to be made.
  • Read the original article this one doesn't have all the details and isn't worded correctly! The original article has a chart to explain in more detail than this article. Original article is by wired!
  • The average Samsung device lacks 0-1?
  • The first part was written before the Samsung payout. The little chart, after. simple.
  • Missed security patches are sorta understandable, but OEMs lying to users about them is rather untrustworthy and ridiculous.
  • if they are skipping over and then claiming they patched an actual security hole, that's really bad. i wonder if some of the skipping might be patches that are not applicable to certain hardware, so they claim they are compliant with no action (other than showing a patch date) rather than documenting it being not applicable? hmmm. i could see that happening.
  • I thought they only patched Android itself. Don't see how why they would worry about other people's hardware.
  • OEMs lying about security updates is bad. Falsify that state of security for any given device is deplorable. It's one thing to be behind, but at least be honest about it. "...while Samsung's 2016 J3 claimed to have every Android patch issued in 2017 but lacked 12 of them—two considered as "critical" for the phone's security." Da Hell, Sammy?!?!?
  • Read the original article this one is not worded correctly or explains the information more clearly!
  • They actually told users which patches they had and which ones they were missing! Read the original article! Also Oneplus, Nokia, LG, Huawei, xiaomi, HTC, Motorola, etc missed more security patches than Samsung! Samsung own processor was the safest with least missed security patches! The J3 used a mediatek processor not a Qualcomm or Samsung Exynos processor...
  • I read the original article and posted it here in an earlier post. That quotes is from that article, not this AC "article". From the WIRED article: "Their testing found that other than Google's own flagship phones like the Pixel and Pixel 2, even top-tier phone vendors sometimes claimed to have patches installed that they actually lacked."
  • That's just it, I would assume that some of those missed patches are more hardware related e.g. Why would a phone with a Mediatek processor need a patch for a Qualcomm processor?
  • google should be patching their OS by delivering updates directly to the devices each month, not relying on/blaming OEMs. this is the same issue when it comes to delivering OTA updates and relying on OEMs/carriers. this is just another means for google to get people to buy Pixel, they're not addressing the actual issue.
    Blackberry didn't seem to make the list though, good on them.
  • TCL are the ones making BlackBerry devices and they have the worst results on the list of security patches
  • ugh, yeah
    android security updates should be abstracted from the hardware-level updates
  • TCL does not build the software for BlackBerry devices. That's like saying the Pixel is bad because it's an HTC device.
  • My BlackBerry DTEK60 has missed 5 patches...
  • You fail to understand how Android works. AOSP (Android Open Source Project). This is free open source software that OEMs take and do whatever they want to it. Google gives OEMs all the tools they need to patch devices but at that point it's up to them and out of Google's control. Google would be all for controlling all of the software (like they do for ChromeOS, one of the most secure operating systems available) but that's not what OEMs want. They want to do whatever they want with the software, which means they are responsible for updates. That's just how it works right now. That could change in the future if Google decides to fundamentally change how Android is distributed and licensed. But is that really what we want? How about these corporations take some responsibility for their own products and stop putting corporate profits above customers. Until then I can only use phones from Google or Apple. That is really sad because Android is supposed to be about freedom and choice. But we shouldn't have to sacrifice security to have that.
  • Dosdeuces. thats the catch. You can have freedom, or security. One or the other, something has to be sacrificed. Apple has security, but at the expense of some freedom and customizing ability. Android has freedom and customizability at the expense of security. I know which one I pick. And its really BORING!
  • Is it a Pixel?
  • No it's an iphone. Not the x either...thats crap!
  • With Google you get the best of both worlds, you get the freedom customisation and flexibility we've come to expect on Android but without the useless (in my opinion) features or bloatware that the likes of Samsung flood their phones with, and only the important core Android features, it's only Apple where while secure, it's at the expense of complete freedom, virtually non existent customisation and flexibility which Apple forces you to buy their other overpriced and inferior products (I know this as a former iPhone user) plus the Pixel is the smartest Android phone with Google Assistant which nothing compares to it.
  • paid google troll
  • You can have both. The Pixel line is one of the most secure smartphones available right there with the iphone. It's a business decision that some companies make to not prioritize security updates and that's the problem.
  • You can have both. It's called a Pixel But I agree Apple is #1, and they'd better be. One security breach could seriously damage the company's rep
  • The Pixel is the answer. Then you get both.
  • You clearly have no idea how open source software works. That's cool. But you can't pin this one on Google just because you don't know any better.
  • Yeah, I agree that this is very bad. We live in a time where privacy and security online is of the utmost importance to a lot of people. Just missing a security patch is one thing, but purposely being misled about the state of your device is another thing entirely. This news is actually pretty troubling.
  • TCL?! Aren't they the supposed kings of security with the Blackberry? What's your opinion about this Jerry Hildenbrand, author of: Most Secure Android Phone in 2018 and Why I'm still using a BlackBerry KEYone in Spring 2018
  • I had a blackberry Keyone in Europe and the security updates were inconsistent with one update being 3 months late.
  • I forget the project name but hasn't Google sorta already addressed this type of thing by changing the Android architecture to where the OEM customization level is separate from the OS core, thereby allowing Google to directly update the kernel without having to go thru the OEM
  • Do you mean Project Treble?
  • Project Treble and why Google still won't be able to bypass the OEM (and the blasted carriers for carrier-branded phones)...
  • Not surprised by this at all. One more reason to only use nexus/pixel or iphone. Those are the only choices if you care about security. Which you definitely should but people don't care about what they don't understand. What everyone should be able to understand though is that your data is valuable. So valuable that there are people out there willing to spend a lot of time and money to get it. And you should do whatever you can to protect it. That means using a phone from Google or Apple and that's it. Until these other OEMs can be proven trustworthy there is no other option. Full Stop.
  • ^ This. At this point I will only trust Google and Essential to provide OS and security updates in a timely (matter of days) updates.
  • This gives me one more reason to go Pixel, as Google is the only one I can trust to deliver these security patches, right now I'm using a cheap Chinese phone (Leagoo M9) that's on the January 5th security patch. The sooner my financial situation changes the sooner I'll be able to get my Pixel 2 XL, as I've already been exposed to adware on my phone that a factory reset fixed.
  • Exactly. I am already impressed by the Pixel 2. I am waiting to hear more about the 3. This is icing on the cake. It is expected that OEMs do their due diligence to take care of their customers by addressing security vulnerabilities. After all, what are we paying for? Certainly just not hardware. It seems like this is how it goes: Market the new features, entice people to buy the device, run a data collection AI assistant and to hell with security updates, because the next best thing is more important.
  • You hit the nail on the head, I'd rather have a secure phone with only the essential core features that makes Android great, the freedom, customisation and flexibility which people forget you can still do on the Pixel, so what if it doesn't have the amount of features of a Samsung, LG or other OEMs have? It has what is needed and is far more secure than any other Android device and I'd rather have that along with consistent monthly security updates over features that are mostly gimmicks and not very useful and the fact that only Google can be trusted is a damning indictment of the rest of the Android OEMs.
  • Guess I'll go stock next time. What a shame!!
  • Fu Samsung
  • Paying 700+ for a flagship phone only to be lied to by the manufacturer and carriers about the software/patches they're putting on. But wait, they want us to add extra services, collect information about what we do with our phones, and be loyal subscribers. That's like buying a maintenance plan on a new car, and taking it to the dealer for an oil change and them only replacing 1/2 the oil.
  • Not surprised. This is why I miss Windows. I'm tired of Android. Also, looks like my next phone will be last year's XZ1. Shouldn't have to be restricted to only a Pixel for this. Google can solve this with more Android One devices.
  • That xz1 compact is just the perfect size. Probably my next phone if Moto or pixel don't come up with something smaller.
  • Can you say "Class Action Lawsuit"? I knew you could.
  • Class action lavkjgb
    Oh man, i was so close!
  • Just when I was convinced I would buy an HTC phone once they release the U12+ and then they go and lie about security patches.
  • Out of interest I asked my colleagues and a few friends who use android phones what security patch date their phones are on.
    Not one out of over 20 knew. And only a couple had ever heard of security patches.
    Somehow I doubt the manufacturers in this list will be loosing any sleep or sales unless a major virus hits the headlines as well.
  • I keep coming back to these comments looking to read Jerry's response after writing the recent security articles mentioned above.
  • Does google have 0 or 1 missed patch? It can change everything. If google itself missed even 1 patch, it would be quite scandalous
  • I doubt Google has missed a security update on the Pixel or Nexus, as it's a selling point for them and big reason why I'm going Pixel, the rest are liers and can't be trusted only Google can be trusted plus I'm stock Android and Google lover anyway.
  • LMAO, keep believing that hype
  • It's not hype, it's the truth, but hey if you're don't mind your phone being vulnerable to whatever is the latest security threat to Android phones then don't said you weren't warned. Only Pixel and Google can be trusted.
  • Nothing is 100 percent secure, only varying degrees
  • You like Google? I would have never guessed. Careful how high one puts any of these OEM's. They all have faults and omissions.
  • Agreed but as this scandal has proven, Google and the Pixel are the only one you can trust if you're serious about security, and I always felt safe and secure when I had an iPhone too but grew to hate how restrictive and locked down an iPhone is, that's why I left. And the Pixel 2 XL (my personal favorite) between the 2 and 2 XL, are the only Android phones that I can truly feel safe using. And it helps that it has my favorite version of Android and that I'm a Google fanboy.
  • Google has a 0, per the WIRED article.
  • Google is the one creating the patches and making them available so no they didn't miss any of their own patches.
  • Same with essential. Since they run stock google too! he he.
  • I for one could care less where my Note 8 security level is. This article definitely will not change my mind on what device I will buy next. Not today, not tomorrow, not ever. Because I don't care. The security level of my phone is the last thing on my mind when I buy a new device. It's about the user experience not the security level. What a great article to promote Iphone & Pixel phones. You can have all the iPhone's & Pixel phones. I for one will
    most likely never buy one of either. And most certainly not because of security updates. Just my .02 worth.
  • It's ironic that whenever there's a Android security vulnerability it's Samsung devices that are always mentioned, but hey you don't care about your security so why bother use your iris scanner or a passcode since you don't care about security, plus nobody's saying to buy a Pixel or an iPhone, just like I will never buy a Samsung device (which are gorgeous to look at but their software sucks), jeez you Samsung fanboys are paranoid and insecure. But for me it justifies buying a Pixel 2 and 2 XL if you care about your phone's security. Which also runs smoother than your bloated Note 8.
  • Omg STFU already. People make decisions that are important to them. How self righteous of you to question how someone spends their money Has Samsung or HTC ever breached their customers data? No. So stop with the overdramatic bulshit.
  • Who said anything about Data breach? Did I say he was wrongly to buy a Note 8? you twit and nor did I say he should buy a Pixel either, Security may not be important to you or that insecure Samsung knight but it is to me and I don't take kindly to deceitful behavior or lies, and like I said only Google truly care about security on Android, now butt out of stuff that has nothing to do with you. ThrottleJonny more like annoying Jonny oh and take your own advice and STFU and quit trolling me, in every comment section, I don't fancy you now leave me alone.
  • Your tone is always to lecture somebody and no one wants to hear your bulshit. Not everyone wants a Pixel. Deal with it and stop acting like an insecure 13 year old.
  • Did I say everyone should buy a Pixel? No I stated a fact, if you care about security its Pixel or nothing, I'm Telling it like it is, and if you or that Samsung Knights having a problem with me stating that fact then that is your problem, if anyone is insecure it's you too, always accusing AC of promoting the Pixel when this article clearly doesn't now quit trolling me, somebody should throttle you talk to someone who actually cares about your bulshit and what you think.
  • You're telling people they don't care about their security if they don't buy a Pixel, which is total bulshit. You're the worst kind of troll. One that doesn't have a sense of humor or realize how ridiculous you are.
  • Some people on this thread have actually said they don't care about security, its already been proven if you want the most secure Android phone, it's the Pixel or nothing, and it's you who's being ridiculous not me, you're the one who keeps trolling me, which at first I thought it was amusing but now you're beginning to annoy me with your bulshit, being a hypocrite as well as a troll now go bother someone, who actually cares what you think.
  • And you annoyed me weeks ago with your fanboy nonsense. Time to block you. Have a good one
  • You're a fanboy yourself and and don't deny it, now I'm done with you and your nonsense and hypocrisy. From now till I'll just ignore you. You're not Worth wasting words on and this is the last time I'm responding.
  • it is an insecure 13 yr old
    and a paid troll
  • paid google troll.
    "i care about security"
    "I own a cheap malware infested Chinese phone"
    shut up about a phone YOU DO NOT OWN.
  • I can talk about the Pixel 2 XL regardless of what I own it or not, now get lost and quit harassing me.
  • Bit of a yawn... Android is stable & most vulnerabilities ever discovered require access to the phone or very unique circumstances. The truth is many vulnerabilities are documented, but actual, truly mesnibg hacks that end up costing consumers robbed bank accounts, credit cards, etc is esse zero.... You kust never read about users gettibg hacked so severely they incur a financial loss. Nice to hear the mistskes were discovered... But the antivirus / security crowd has always oversold fear. The PC market is similar.... if anyone thinks Microsoft would offer anythinh but world-class protection through Defender, they are fools. If Microsoft offered lousy online protection, they would get sued becsuse they hsve lots of cash... It's free and it works. Samsung device security is what Defender is to Microsoft. But there aee companies that sell on fear and gladly take about $120 a yesr for protection that is otherwise free.
  • Please don't compare Android and Microsoft security to highlight the lack of risk.
    In the UK we had major issues with ramsomware on unsupported Windows systems that cost millions.
    I've not got a clue what risks a none updated phone is exposed to but if there is a patch to close it i want it.
  • Or... simply..... Show or prove a hack / loss from any missed patch... That's right, there haven't been any.
  • Why leave it to chance? Security updates are important to plug any security holes in Android and nobody should think for a minute that your Android phone is completely secure because that's all it takes, one missed security update for the latest security exploit or hack to infect your Android device, when it comes to security on Android you can only trust Google and the Pixel phones and not these deceitful OEMs being caught out lying and actually missing their monthly security updates. If you care about security, get a Pixel 2 or 2 XL, (can't wait till I get my Pixel 2 XL) no ifs no buts. Every other OEM on Android you're pretty much at greater risk, and that includes Samsung who have been known to miss security updates on their own flagships while not as bad as the others listed (I'm looking at you HTC, LG, Xiaomi, OnePlus, Motorola and Nokia although Nokia going Android One have redeemed themselves now). It's already been proven by AC that the Pixel 2 and 2 XL are the most secure Android flagships. In Google I trust. This scandal justifies me choosing the Pixel 2 XL.
  • It's much to do about nothing. Should it have occurred? Of course not. Is hacking a serious problem for Android? ie. Daily news reports of consumer identity theft through Android? No. Have you ever considered paragraphs? Apparently not... Dude, your rant was unreadable. #prattle
  • That is the sort of attitude that will get someone hacked, you're the typical "who cares? It won't happen to me' kind of person, who buries their head in the sand, and pretend that the threat isn't an issue, but you won't listen and quite frankly I haven't got time for morons like you.
  • Now youre calling people out of their name who don't agree with you? What an immature prick.
  • Jeez just go away with ya, always trying to fight other people's battles, somebody really should throttle you. Now I'm only going to say this once, stop trolling and harassing me, butt out you self righteous ****, it's people like you that gives Android a bad name, now leave me alone before I report you to AC and get you banned from AC.
  • Or...I'll get you banned for calling people morons...see how that works? Have a good one. :)
  • I'm hoping he give us a review of the Leagoo M9 he says he's using until he gets his Pixel?
  • Lol
  • No BlackBerry Mobile mentioned? Hopefully they aren't lumped under TCL. Should have been listed.
  • Well, my DTEK60 seems to have missed 5 patches...
  • This article is very vague it only lists the J3 from Samsung and other manufacturers without listing the model name. I do not see any flagships listed and the patch details are not provided. So according to the article only Pixels do it correctly and are not suspectable to viruses or bugs. Bulls***t
  • You obviously have some issues with reading comprehension, where does it say the Pixels do it better? Although they are definitely the most secure Android phones and the only Android flagship I'll be buying, starting with the Pixel 2 XL. You fanboys are so insecure and paranoid it's pathetic.
  • stfu about a phone you don't have the money to buy and will never buy. your mom already told you No. she's not buying you one.
  • If only your opinion meant something, time to go back inside your mom's calling you, I can say whatever I want, and I will eventually get the the Pixel 2 XL and when I do everyone on here will know about it, now get lost and take your own advice and stfu.
  • Look I don't want to get into a slanging match with anyone here on this thread, just continue to use what works for you, if you care about security and fast updates, the Pure Android and Google experience (which is the best IMO) updates and on Android, get a Pixel, if you don't care about security and care more about features (judging by hostile and dismissive comments on here a lot of people care more about gimmicky features than security) then Samsung in particular and every other Android OEM has you covered, for me, security, fast updates and consistent monthly security updates and the pure Android and Google experience is very important to me and I won't settle for anything else. If my financial situation was better I'd be using a Pixel 2 XL already (instead of my Leagoo M9 Chinese phone) but that will soon change, and no other Android phone released will sway me from the Pixel 2 XL.
  • LOL.
  • You're that concerned about security yet you're using a Chinese OEM phone....
  • Not throughout choice, of I had the money to buy a Pixel 2 XL I'd be using it already and I'm not really enjoying using my Chinese phone (Leagoo M9) all and I already had malware on it which I had to factory reset it to get rid the Malware and it lags and it reboots sometimes, it's one of the worst phones I've used.
  • exactly "but i owned a secure iPhone and gave that up to Hate on everything but pixel"
    paid google troll
  • I use a Huawei and I tell you the last patch I got was last year April, they just don't care once you have your device.
  • Last week my Nokia 8 got the March security updates and last night it received the April security updates so I would say the HMD Global/Nokia are up to date as far as security updates go.
  • Wait, What? Neo with an ANDROID phone? what happened to prying your windows phone out of your cold dead hands? Damn...the world is coming to an end...ha ha ha ha! I am only kidding. Just like every other lover of windows HAVE to move on.
  • What's your point, I've had Android devices before this and will continue to have them after? What I had said is still true so unless you have a reply that is relevant to my original post then don't bother replying!!!
  • AH ha ha. touchy fanboy. I remember you stating that YOU would NEVER buy another android device, because they were ****, and iphones are out of the question because of the so called "evil empire" you are!
  • My unlocked Xperia X is on the March 18 update, so is my wife's locked S6. Both on the EE network here in UK. Sony says the April patch is ready to begin rolling out here. But my Note 4, which was originally locked to O2, is stuck on the August 17 patch on the O2 network, suggesting to me that networks must take some responsibility for this issue.
    But I've never had any security issues in my eleven years with Android phones. And I've never known anyone who has.
  • Security updates for the Note 4, which I also own, ended August last year. It recieved 3 years of security updates like every other Samsung flagship.
  • Networks are responsible for locked devices, even if you had them unlocked.
  • Well your wife's Galaxy S6 won't be getting any more security updates or your Note 4 as they're both more than 2 years old now.
  • The whole premise of the article is to show how Google does it better. It does not actually include a statement saying that. I have no problem with that argument, just wish manufacturer detail was included to see which phones actually missed the patch. Most likely it was only the mid to bottom tier phones.
  • I've also read, even the most out of date android phone is more secure than the average PC.
    Kind of puts things into perspective if correct.
  • That's why updates are rolled out to PCs regularly, never had any issues with malware myself although I've had a few close calls but the AV software has always caught it. I've never understood the mentality that you MUST turn off automatic updates.
  • It does surprise me at all, certain companies don't care being they already have your money. They tell people that they are patched just so they don't get a ton of calls or emails ask about said patches.
  • Like I said, you can only trust Google when it comes to security on Android as the rest on my care about your money.
  • Companies lying about their claims. Seems typical these days, and it's very sad.
  • Buy the blackberry keyone problem solved
  • The Pixel has replaced Blackberry as the most secure devices. But nice joke all the same lol.
  • You can search a bit around to find out, Android Enterprise is secured than Samsung Knox or not.
    Samsung Knox is secure as Blackberry smartphones and Samsung Knox use military degree security on smartphones and Samsung Knox is approved by the U.S Department Of Defense.
    Samsung Knox security features are also found in Google's smartphones. - On March 5, 2018 it was announced that since Android Oreo on Samsung devices with Knox 3.0, Samsung Knox and Android Enterprise are combined into a single solution