Patch Gap issues puts millions of Android devices to vulnerability

    A Patch Gap is nothing but the time frame taken by manufactures to roll out security patches for vendors. And in a given situation, if this time gap increases, then there is a high probability that millions of devices could be susceptible to sophisticated attacks.

    Making this issue a critical point of focus, Google’s Project Zero project discovered that manufactures are not paying in offering software updates to mobiles, after their first year of sale or else after the warranty period of phones and this is making the devices super-vulnerable to hackers.

    For instance, a patch related to ARM Mali GPU drivers was issued by ARM in July this year. And there are still many devices that haven’t received the patches, as their manufactures are showing disinterested in rolling updates at the earliest.

    Concerningly, the trend to not release the patches as early as possible was also being observed on Pixel, Samsung and Xiaomi phones, that usually sell like hot cakes all over the world.

    Google Project Zero says that manufactures must show an interest in patching their already-in-use devices or else their security teams might face harsh challenges that can put their businesses in jeopardy within no time.

    But Steve Johnson, who works as a security expert for a reputed mobile firm, has a different opinion on this scenario. He says that Google must take the initiative of rolling out security patches regularly till the phones reach their end of life. However, this doesn’t happen as the technology giant stops rolling of patches after the first or second year of purchase and implements the same on its reputed Pixel series of phones.

    Trade analysts state that the internet juggernaut does this with a purpose of generating sales for his next series of smart phones and so never rolls out updates to devices that are over 2 years old.

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display