Newsletter
Google believes manufacturers release security patches for their products late, and this has caused the patch gap. The company says the patch gap was one of its biggest security concerns for 2022.
With over 2 billion active devices, Android is the world’s most extensively used mobile operating system. Due to its fragmented nature and modifications by different manufacturers, the end users won’t get the security patches at the same time. In comparison, Apple’s iOS is controlled by one company, and all users can get an update package simultaneously.
Google blamed smartphone manufacturers for the delay in fixing security issues on Android devices
The latest Google’s Year in Review of 0-days report shed light on the security concerns, blaming manufacturers for their late release of patches to end users. The tech giant noted that in 2022, they saw “a series of cases where the upstream vendor had released a patch for the issue, but the downstream manufacturer had not taken the patch and released the fix for users to apply.”
Of course, Google says patch gaps could be found in most upstream/downstream relationships. However, they’re more common and longer in Android. One example of a manufacturer’s delay in releasing patches to end users is a vulnerability in the ARM Mali GPU. While ARM released a fix for the issue in October 2022, it took six months for users to receive the patch in April 2023.
Another example is a security vulnerability found in the latest version of the Samsung Internet browser. Because the app was running on a version of Chromium 102 which was seven months old. The hackers could take advantage of this gap to exploit the app. Google now called manufacturers to be faster in releasing patches to users so they could protect themselves. The tech giant also asked for a detailed analysis to identify the roots of vulnerabilities. Users must also keep their devices up-to-date with the latest security patches to protect themselves from cyber threats.