La smartphone security at the operating system level it is very often underestimated. Every device, regardless of manufacturer, receives (or should) monthly updates that should fix those security holes. These updates are called security patches. But do they really fix the vulnerabilities of our devices? To understand this we will first have to understand that what are smartphone updates and what types of updates exist. Let's proceed.
Security patches risk (and do) not solve all the vulnerabilities of a smartphone: we shed light on the thorny and convoluted story
First of all we will have to understand how many types of updates a smartphone receives, regardless of the time base. As we said in theory, security patches should arrive monthly. These are managed entirely by Google, owner in a certain sense of the Android system on board most of the devices we have at home. Clearly here we are not talking about Apple smartphones, which are a case in themselves.
In essence, Google works as an aggregator of problem reports. Developers in turn build builds, corrective updates which should in theory go to fixation any bugs that have been reported. Going to the pages related to security updates, we will understand how many exist and how complex it is to deal with them. Corresponding to each updates, there are gods identification numbers and a degree of severity of the flaw.
Then there is another section that is dedicated to the vulnerabilities not of Android, as we have just seen, but of individual companies, or rather, hardware manufacturers. Between these Qualcomm, MediaTek and so on. A parenthesis now: not only the Android operating system needs to be patched, but also the device itself which is made up of hardware from not Google. Think for example of several non-proprietary sensors.
Google's task is, as mentioned, to collect reports, correct them and send update packages (or security patches) to individual companies. In essence, it deals with correcting ALL vulnerabilities, not just those of Android. Here, however, there is a knot: every time that Google releases these packages to the "updaters", and therefore to the companies, they must check that they do not create problems on their devices.
Summing up, there are three types of updates inside the patches:
- the generic patches from Google
- component patches used by a specific phone
- patches related to the manufacturer's customizations at the system or interface level
What do individual manufacturers like OnePlus, Xiaomi, Oppo and company do?
Here falls the azino. As mentioned, individual companies must check that the work done by Google does not trigger any problems in their devices. We users can control this work, even if it would be too cumbersome and, after all, we don't care that much. Better to complain that the patches don't fix the problem. But in any case, returning to the heart of the matter, by going to the pages of the individual companies we can check if the patches really fix the bugs.
But if we go to see the list of individual companies related to security patches and compare it with the Google list, what happens? We can note that they are practically identical. In some ways this heartens users, but not all that glitters is gold. Possible that the customizations (MIUI, OxygenOS, ColorOS and all Android skins) have no bugs? Possible, but not likely. Where have all the "single" bugs regarding Android customizations gone?
Example. Let's go on Oppo Find X3 Pro security page. The bugs closed by Oppo are in fact those of Android closed by Google, exactly the same. The two “critical” flaws are the same closed by Google and Qualcomm, the first linked to Android and the second linked to a component of the Snapdragon.
Second example, OnePlus. This company even behaves differently by not reporting even some security patches. In official page in fact, there are no security patches implemented by Google. Basically OnePlus only partially implemented fixes.
Having said that, albeit Qualcomm has announced 4 years of updates for newer processors, we can't be sure that individual companies will send out corrective updates as we expect them to be. Unfortunately we end users cannot rest assured and believe that individual companies release builds that make our smartphones safe and secure. Unfortunately, however, there are no escape routes except for class action worldwide that try to move individual brands.
On offer on Amazon
Through | D Day
