In the age of cyber attacks, smartphone users rely on regular updates.
However, according to the German security firm Security Research Labs, not only do , they have also been misinforming users by lying that their phones' firmware has been fully updated even when they have skipped a few security updates.
As reported in Wired, the lie was unearthed by the investigators Karsten Nohl and Jakob Lell who for the two years reverse engineered hundreds of Android phones' operating system, to check if each device contained the security patches as claimed with the vendor.  The article said that the duo found a “patch gap” where some vendors gave the users the impression that the phone was fully up-to-date, but in reality slew of cyberattacks.
Nohl tells Wired: “Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks great. “
Security Research Labs has been tested in the firmware of 1,200 phones, from more than a dozen .
It reveals that only Google's smartphones contained all the patches that were announced in security updates last year. While it is common that some vendors neglect to patch older devices, Nohl claims that there is a bigger problem at hand.
“We found several vendors that did not install a single patch but changed the patch date forward by several months,” Nohl tells Wired. “That's deliberate deception, and it's not very common.”
Security Research Labs has released an update to its Android app SnoopSnitch where users can check the actual state of their phones' security updates. Security patches on the third-party devices has always been an issue for Google and its Android operating system.
Although Google is the source of Android's security patches, the onus is still on the third parties – which includes Android phone manufacturers and network carriers – to send updates to the devices.
Google responded to Wired by stating that “modern Android phones have security features that make them difficult to hack even when they do have unpatched security vulnerabilities. “
The article also shared that Google simply removing a sensitive feature from the phone, rather than patch it, or the phone did not have that feature in the first place.
It also states that Google is working with Security Research Labs to further investigate its findings.