71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches (betanews.com)
Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches, according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month; indeed, six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.
I have a Galaxy S4 on AT&T. I just checked, and it's at Lollipop 5.01 and says its "Android security patch level" is 2015-11-01. Nevertheless, when I push the software update button, AT&T assures me that my current software is up to date. Apparently, 5.01 is the latest version available for an S4, but what about security patches? Are they just done making them? Was AT&T planning on telling me that?
I guess I'm a bad consumer, using a four-year-old phone.
There is no reason why operating system and user space upgrades need to be tied to the manufacturer. None.
This situation is Google's fault and no one else's.
You have no idea how Android, the Linux kernel, or open source software works. I guess that's why you're hiding behind AC.
Each manufacturer is akin to a different distro of Linux. You in fact do have to wait for Fedora or Ubuntu to update their packages before you can apt-get them. You don't get them immediately. Nobody can force them to hurry up. Not Google, not you. They control the keys to apt-get.
This is because Fedora/Ubuntu/etc can modify the kernel source and the source of any package that goes into their system. They also have to make sure they all work together. Nobody else can do it for them because they don't know what changes they've made or how a change will impact the system as a whole.
Samsung maintains their own distro of Android. They control the kernel source. They control the packages included. They make a LOT of changes to the system. Only Samsung can update the packages they use and only Samsung can push out an update. Nobody can do it for them even if they wanted to.
Mine is one of them, but it sure as shit isn't my fault.
If my carrier would provide updates I'd install them. If I could get patches I'd install them.
Don't blame me for not buying a new phone every 3 months.
Just cruising through this digital world at 33 1/3 rpm...