Android security update tracker: Ranking the top smartphones | #android | #cybersecurity | #informationsecurity

Major updates of Android don’t matter as much as they used to. Many components of the operating system are updated through the Play Store, so even if you’re on Android 8 or 9, you can still access most of the same apps and features as someone on the latest release of Android 10. However, the security updates that Google releases on a monthly basis are still critical to keeping your phone or tablet safe. Dozens of security flaws are discovered in components of Android each month, which is why Google releases monthly security patches.

However, unlike app and API updates, the security patches can’t be delivered directly to devices — phone manufacturers have to integrate the changes into their own flavors of Android, and release them as system updates.

It’s common knowledge that some companies are better than others when it comes to patching their phones, but making direct comparisons is somewhat difficult. It’s hard to track down information about when exactly updates are released, so news coverage often relies on device owners seeing the update themselves. Carriers and slow rollouts only make matters more complicated.

The good news is that we’ve done all the hard work for you. This is our ultimate security update tracker, where we’re giving each recent flagship phone a simple score from 1-10, based on how long it takes for security updates to get from Google to device owners.

If you’re interested how we gather this data and assess it, we explain our methodology more on the second page. Here’s the short version:

  • We compiled a list of dates for security patches for each major 2019 Android flagship, starting from January 2019 or when the phone was released in the United States (whichever was earliest).
  • The date for each security update is the first evidence we could find of a public rollout, either from an official announcement from the device maker, news coverage of the update, or confirmed reports from social media (whichever was earliest).
  • Each device’s score is calculated using a weighted average of the number of days between a security update’s availability and the device’s OTA being released, the resulting “score” being normalized into a number out of 10, and then a standard penalty being assessed for any given monthly update that is missed subtracting from that score.

It shouldn’t come as a surprise that Google’s flagships get perfect scores. Ever since the days of Nexus phones, Google has released security updates for its devices at the same time as the official security bulletins, effectively giving Pixel phones day-one updates.

Pixel phones are the only devices we’ve tracked that didn’t miss a single month. There are a few instances where a security bulletin comes out a day or two before the Pixels get their updates, and vice-versa, but on average the delay is still zero days.

If reliable and frequent security updates are your main concern when buying a phone, no other Android device comes close to matching the record of Pixel devices. Well, except for the Essential Phone, but those days are over.

Matching Google for first place is Samsung’s current flagship phone, the Galaxy S20. Granted, the phone has only been available to purchase for a few months, but Samsung has been extremely quick to update the phone so far.

The Galaxy S20 hasn’t missed a single month of updates so far, and at least once, Samsung has rolled out patches before Google’s Pixels. The May 2020 update began rolling out on April 29th, and was widely available by the time the Pixel 4 was updated.

Only time will tell if Samsung can keep up its rapid release schedule, but if last year’s Galaxy S10 is any indication, you probably won’t ever have to worry about security with the S20.

While Samsung has done a well enough job of keeping its flagship smartphones up to date with the latest security patches — the Galaxy S7 is still receiving quarterly fixes — the company improved its schedule slightly with the Galaxy S10.

Not only has the S10 received security updates in a timely manner, but it was also among the first phones to receive an update to Android 10. Not bad at all.

The Galaxy S10 has only missed two security updates since its release in early 2019: the patches for June and July 2019 were included in an August update. However, the S10’s typical delay from when Google’s security bulletins were published is the main reason it falls behind other devices.

The Nokia 9 PureView is the closest thing HMD Global had to a flagship Android device in 2019 (Nokia’s product lines have a lot of overlap), and even though the phone suffered from camera and fingerprint reader bugs when it launched, the PureView’s security update record has been fairly good good.

According to our data, the PureView has only skipped one month since its release. The May 2019 patch was never rolled out (Nokia combined it with the June patches), but that’s the only exception so far.

While there were a few instances of Nokia rolling out the update in the first week of the month, most patches were released around two weeks later. For example, the February 2020 update rolled out on February 24th, the December 2019 patches were released on December 31st, and so on.

Motorola released its first flagship smartphone in years, the Edge+, this past May. It hasn’t been available long, so we don’t have an extensive data set available yet, but Motorola is already off to a rough start.

The Edge+ shipped with the March 2020 security patch, and the first update with the April 2020 patch arrived over a month late on May 13th. However, the June 2020 patch landed much quicker on June 11th, so we’ll see if security rollouts for the phone improves as time goes on.

Since its US release in early 2019, Sony’s Xperia 1 has skipped quite a few security updates. In general, updates were delivered on a bi-monthly basis, but the phone did go three months without an update during one period.

Sony skipped the July and August 2019 patches for the Xperia 1, but the phone finally was updated in September. Since then, the company has been more consistent with patches.

The Xperia 1 is coming up on its first birthday, so let’s hope Sony doesn’t drop the ball again after its successor is eventually released.

I certainly didn’t expect an Asus phone to be in the top half of this list, but I have to give credit where credit’s due. Even though this isn’t an incredible score, it does narrowly beat out devices that are often perceived as providing more frequent updates, like the OnePlus 7 Pro.

The Zenfone 6 was something of a turning point for Asus’ mobile division when it was released last year. It great device in its own right, as we highlighted in our review, but Asus also made frequent updates a higher priority.

Still, there’s some room for improvement. I hope Asus can keep it up with its next mainstream phones.

OnePlus is typically praised for its quick updates, so this score for the company’s final 2019 flagship might come as a surprise to many of you. However, as the old saying goes, the data doesn’t lie.

The 7T Pro was released only a few months before the coronavirus outbreak in China, where OnePlus and other Chinese OEMs had to work at limited capacity. The 7T Pro didn’t get its January security update until February 14th, for example. Since then, the update schedule has been more consistent, but still only bi-monthly (and usually 2-3 weeks after Pixels).

It’s worth noting that OnePlus does have an Open Beta program, where device owners can receive updates before they are ready for prime time, but that can come with bugs and other consequences.

The OnePlus 7 Pro has been available since mid-2019, but for the moment, it gets the same score as the newer 7T Pro. Like the company’s other phones, the 7 Pro typically skips every other month.

However, OnePlus sometimes makes up for the skipped updates by pushing the next one quickly. The phone didn’t get a July 2019 update, but the August patch was delivered on July 31st ⁠— five days before Pixels received the same fixes.

I know this will come as a total shock to many of you, but LG is not good at updates. The company’s mainstream 2019 flagship, the G8 ThinQ, has skipped several months of updates and has a high average delay.

However, there is one major caveat to our data on the G8: we’re using rollout dates for the AT&T model, because there isn’t enough public data about the US unlocked version.

The added step of carrier approval could be adding some delay, but the frequency of patches is the G8’s primary issue. There were no updates at all from late September until mid-February — and the February update only had the December patches.

Motorola has a known history of being extremely late with software updates, unless you happen to live in South America (where the company tends to focus its resources). As such, the Moto Z4’s position near the bottom of this list probably isn’t much of a surprise.

The Moto Z4 has an average update delay of over a month. However, it’s more likely for Z4 owners to not get an update at all. The Z4’s first update came in mid-July (containing May patches), then there were no updates at all until mid-November. Oh, and the November update was two months behind in security patches.

Asus has offered frequent and quick updates for its main flagship, the ZenFone 6, but that same attention has not carried over to the company’s current gaming phone.

The ROG Phone II gets the lowest score on our scale for two reasons. Not only has the phone skipped several months of updates in less than a year on the market, but the security patch levels are always significantly behind most other phones. For example, the ROG Phone II didn’t receive the August 2019 patch level until October 2nd.

There was also an extended delay in security updates while Asus was working on the phone’s Android 10 update. The ROG Phone II was stuck on the October patch level from last November to when the Android 10 update rolled out in March of this year.

We plan to keep this guide updated as each new month passes. See the second page for info on how we’re dealing with factors like regions, staged rollouts, calculating dates, and more methodological info.

Special thanks to The Android Soul, Xperia Blog, SamMobile, and 9to5Google for covering some of the device updates we would have otherwise missed.


Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .

Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.