Android security: Patching improves, but fragmentation challenges remain
Android device makers have improved their patching processes over the past two years according to a new analysis, decreasing the time gap between when security updates become public and their integration into firmware. This is good news for the Android ecosystem, which has historically been considered worse than Apple’s iOS when it comes to patch hygiene. However, version fragmentation remains high in the Android world, with significant differences among device manufacturers and even across the same vendor’s product lines. This leads to many devices running versions that are no longer supported.
[ Give your career a boost with top security certifications: Who they’re for, what they cost, and which you need. | Sign up for CSO newsletters. ]
Berlin-based Security Research Labs (SRLabs) has published the results of its binary analysis of around 10.000 unique firmware builds running on many Android device models from different manufacturers. Most of the data was collected with SnoopSnitch, an application developed by the company to analyze mobile radio data for abnormalities that could indicate user tracking and fake base stations. It can also check if the Android firmware running on a device has the critical vulnerability patches that correspond to its reported security patch level.
Source:: IT news – Security