71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.

Re:I am very skeptical.

[XxtraLarGe]

I highly doubt that 29% of Androids are up to date.

This is just major carriers. Imagine how many unpatched Androids are out there on Boost, Cricket, Tracfone, etc. My wife has an Android on Tracfone and never had a security update notification.

Re:I am very skeptical.

[swillden]

I highly doubt that 29% of Androids are up to date.

Keep in mind that the security patch level field was added in Android Marshmallow (IIRC), and I expect that's what they're using to determine patch date. If so, KitKat and Lollipop devices aren't counted, and this really says that 29% of Android devices that are new enough to have Marshmallow or Nougat are up to date. That's not surprising, though it's obviously still far too low.

Unless, of course, the report assumes that anything running Lollipop or older is not recently patched, which seems like a reasonable assumption.

Not the only problem unfortunately

[Artem+S.+Tashkinov]

Android has a lot more problems than you think and Google does nothing to solve it.

We need a standard ARM platform, just like we've had the x86 platform since roughly 1981. And Google has all the resources to create and enforce it. And since they don't I wonder if they are malicious or negligent or it's just part of their business plan which is called "planned obsolesce". Too bad, in Google's case this obsolesce involves even original Google devices like Nexus 5 (stopped receiving any updates since October 2016) and it will soon be joined by Nexus 6.

That's just horrible.

Re:I'm in the 29%

I've never had bad guys or bad software infect my phone but I'm pretty sure that each "update" from google grabs more and more of my personal data and sells it to the highest bidder. Exactly who/what are these updates protecting us from?

Don't blame the users

[rnturn]

It's the vendors. Now we might be outliers, but everybody in my family installs patches whenever they come in. Maybe not immediately but at least later that day, i.e., when we're home and can be sure the phone is fully charged and maybe using WiFi if it looks like there's a lot of patches. When we were using Verizon, our phones were always getting version N when all the news and buzz was all about the newly released version N+1. When we switched carriers, Verizon still had our phones running the previous version of Android.