Back to All Events

10:50-11:50 Mind the gap: Dissecting the Android patch gap

Speaker(s): Karsten Nohl & Jakob Lell, SRLabs

The Android ecosystem has a long-standing reputation of haphazard security, with regular headliner bugs. Despite its open source roots, Android security is still a black box for most users. Security patches are little understood, and users have to blindly trust their phone vendors to install patches.

We find that this trust in the vendor's ability to patch has not always been warranted for all Android vendors.

Using a novel analysis approach, we find missing Android patches on phones or from firmware files. The analysis compares function signatures to large collections of pre-compiled samples. 

Based on measurements from tens of thousands of different phone builds we quantify and investigate the Android patch gap.


Earlier Event: June 6
10:35-10:50 Break
Later Event: June 6
11:50-12:50 Lunch