1(630)802-8605 Ravi.das@bn-inc.net

My first Smartphone was a Verizon flip phone.  I had that for a number of years, until I saw the power of the iPhone.  So, in the end, I finally got an iPhone 5, and have stuck with that version ever since then.  I believe that I got this phone in 2012.  The only major upgrade I did to it was to get an iPhone with a metallic casing.  I have not upgraded since then and have no plans to.

I am not the type to be allured by the latest and greatest technologies.  I just need my iPhone primarily for email, and of course, the phone component. In fact, when the iPhone X came out some time ago, I saw on TV the lines people standing out for hours waiting to plunk down $1,000 on it.

I just kept asking myself why???  Is it really worth that much money?  I guess to some people it is, but to me it is absolutely NOT.

So, all of this brings up another point:  The vendor with whom we are dealing with.  For instance, when we want to get a new phone, or in my case, a new iPhone, we have to visit the actual store in order to obtain the new device and get it up and running.  Ver often, when I have visited my local Verizon store, the people there have been very friendly (at least so far) and have always seemed to be very knowledgeable to me, at least.

Because of this, there is a certain trust that is developed with them immediately.  Of course, I do not know the personally, but because of the professionalism that they display, we have that trust that they are serving our best interests.

It is not only selling us the right device that we need but making sure that the actual device is working properly, and most importantly, that it has the latest security features installed onto it.

The last part is obviously the most important.  But in reality, this is not happening.  You can’t blame the store employees.  But rather, the entire blame goes on the shoulders directly of the vendors that hire them.  After all, these employees are given the information directly from them about all of these technologies.

According to recent study, “. . .  most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates . . . [other] big players like Samsung, Xiaomi, OnePlus, Sony, HTC, LG, and Huawei are not delivering you every critical security patch they’re supposed to . . .”  (SOURCE:  https://thehackernews.com/2018/04/android-security-update.html).

This study was conducted by Karsten Nohl and Jakob Lell of the German security firm Security Research Labs.  If you are interested, the actual results of the study can be seen by clicking on this link below:

https://srlabs.de/bites/android_patch_gap/

In this study, some 1,200 Smartphones were examined from well over a dozen vendors, and it was the Android devices that were the most notorious for having unpatched devices.  For every patch that was released, there was an equal number of Android devices that did not have these latest patches installed onto them, thus causing a “patch gap”.  Of course, this only meant fodder for the Cyber attacker.

But, not every vendor is to blame, those that had the recent patches installed onto their respective devices (at least for the most part) were the likes of Google, Samsung, Wiko Mobile and Sony.  The ones that were the worst were the wireless vendors from China, which includes Xiaomi and OnePlus.  Any surprise here in this regard???

Because of these troublesome findings and for other security reasons as well, Google recently launched “Project Treble”.  This is in an effort for the company to gain much more control and insight into making sure that their Android devices are indeed installed with the latest security patches and upgrades as they come off the assembly line and into the waiting hands of customers.

One of the companies that initiated this study (Security Research Labs) has even come out with a free downloadable tool in order to make sure that your Android device does indeed have to the latest security patches and upgrades installed onto them.  It is called “SnoopSnitch”, and it can be downloaded at the link below:

https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en

It should be noted that in this study, only the Android devices were examined.  But regardless of that, I find it completely reprehensible that the major wireless vendors would lie to not only their employees, but to their customers as well that their devices were up to date in terms of security.  I mean, what is there to gain from that?  Seriously think about it.

We are dependent upon them to give us the best and most secure device when we first acquire them.  Once it is in our hands, then of course, it is up to us to keep it updated.  In my view, there should be some sort of federal based, regulatory body that oversees all of this to make sure that each and every vendor (and yes, even those from overseas, especially from China) are indeed delivering what is promised, at least from the standpoint of security.

This quote sums it all up: “Sometimes these guys [the wireless vendors] just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best . . .”  (SOURCE:  https://thehackernews.com/2018/04/android-security-update.html).

In the end, it is the wireless vendors that are only hurting themselves in the end.  If a customer finds out that one of them lied to them about the security level on their newly acquired device, all they have to do is blast out on social media and I am sure it will go viral in just a matter of minutes.  Lost customers mean lost revenue, giving room for their competitors a change to step in to make a wrong situation right again.