But don't take their word for it.
Google said that the findings from Security Research Labs may not provide the full story when it comes to ensuring Android devices are adequately protected against security risks: "Security updates are one of many layers used to protect Android devices and users".
It's already well known that Android phones tend to receive the latest updates weeks or months after the official release by Google.
Worryingly, in some cases, they were not.
There's no confirmation if this is true and we're guessing the only reason why this name could cause some controversy is that the Popsicle brand is mainly targeted at a U.S. and Canada market.
Nohl and Lell chose to investigate phones that had supposedly received and installed the latest Android updates.
They call this "patch gaps".
Both the researchers have released a note on their studies. Companies like Sony and Samsung only missed between 0 and 1, but TCL and ZTE were found to be skipping 4 or more. On a whole, these devices were having 9.7 missing patches.
Google on Thursday unveiled Google Go, a new app built to support Android devices with one gigabyte Random Access Memory (RAM) and below.
Mediatek always remains in the worst place, whatever the problem. "But the Android ecosystem is so complex". But the Samsung J3 (2016) claimed to have every 2017 Android patch installed when in truth it had missed 12 updates, including a pair that were considered "critical" to keeping the handset safe and secure. Nohl has observed a few cases, in which a vendor tried to deceive consumers about the security of their phone.
"Installing patches every month is an important first step, but is still insufficient unless all relevant patches are included in those updates", the researchers said.
Nohl declined to name the vendor, but he's been trying to hold smartphone makers accountable. The company also plans to make it available in other emerging markets, including India, Brazil and Indonesia, Masito said in an interview. "Since then, many device vendors have improved their patching frequency: Phones now receive monthly security updates". Google Pixel devices, on the other hand, didn't skip on any update and were the only devices to be on that list which were immune to this issue. It further argued that modern Android phones come with security features that make them hard to hack even when they do have unpatched security vulnerabilities.
Nevertheless, each patch on an Android smartphone is like a layer of protection.
Nohl and Lell opted for investigating the devices that had allegedly got and installed the most recent upgrades. The company is continually adding new safeguards to the Android OS that can isolate and detect malicious code before it gains a foothold.
SRL noted that missed patches doesn't necessarily mean that hackers have an easy time breaking into Android phones.
However, it seems that the OEMs are not taking this seriously.
Even though Google has managed to establish Android as the top smartphone operating system in the world, it has failed on a major front that ensures the security of your smartphone.