Slashdot Mirror

← Back to Stories (view on slashdot.org)

71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches (betanews.com)

Posted by msmash on from the security-woes dept.

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.

8 of 103 comments (clear)

  1. I get no updates from my carrier by imidan · · Score: 4, Informative

    I have a Galaxy S4 on AT&T. I just checked, and it's at Lollipop 5.01 and says its "Android security patch level" is 2015-11-01. Nevertheless, when I push the software update button, AT&T assures me that my current software is up to date. Apparently, 5.01 is the latest version available for an S4, but what about security patches? Are they just done making them? Was AT&T planning on telling me that?

    I guess I'm a bad consumer, using a four year old phone.

  2. Flaw of the Android Ecosystem by CrashNBrn · · Score: 5, Insightful

    That the end-user can't get basic android updates directly is Android's major flaw. OEM's should of been required to support the AOSP and any changes should of been done via extensions to the AOSP. Thus any device could easily stay updated for at least their current major version of Android.

    1. Re:Flaw of the Android Ecosystem by Anonymous Coward · · Score: 4, Insightful

      There is a lot of blame to go around.

      For Google's part, they need to put more pressure on the carriers. Same with the handset manufacturers.

      Apple has managed to exert enough pressure on the carriers to be allowed to issue updates directly without the carrier as middleman.

      Obviously there are some political issues at play - carriers would rather have more control, but I think a company like Samsung or Google has enough leverage at this point. It seems they don't want to make waves.

  3. Because Manufacturers Suck by organgtool · · Score: 4, Insightful

    We're running old software because the manufacturers don't care about us after they've gotten our money. My experience with the Motorola G4 is a prime example of this. The phone came out in May 2016 with Android 6. Android 7 was released in August 2016, just three months after my phone was released, and I still don't have any update available for my phone despite the fact that Android 7 has been out for seven months! The worst part is that the OS on the G4 is practically stock Android, so it should take relatively little effort to customize the image and push it out. It seems the only way to guarantee access to new versions of Android is to buy a Google phone but the Pixel has one of the worst performance to price ratios of any Android phone. At this point, I have no idea what my next phone will be, but I have a lot of ideas about what it won't be.

    1. Re:Because Manufacturers Suck by Anonymous Coward · · Score: 5, Insightful

      Microsoft, Apple and Linux distros, that is, the majority of the the OS vendors, manage to provide a mechanism to keep your system up to date independently of the hardware vendors and other "third parties". This support even extends to multiple architectures in some cases: x86 is the most common, but ARM is also becoming common (on Linux, you have even more: POWER, MIPS, etc).

      Can you imagine having to wait for, say, Dell to OK to every package for your next "apt-get update"? Or for Toshiba to give Microsoft the OK for them to make an OS update available to you?

      No, you can't. But this is the situation we have with Google. And people accept this for some reason. They even excuse it in Google's behalf, because they are so great (despite not being able to do what a bunch of "freeloading" "amateurs" can do on a shoe-string budget).

      There is no reason why operating system and user space upgrades need to be tied to the manufacturer. None.

      This situation is Google's fault and no one else's.

  4. Not the only problem unfortunately by Artem+S.+Tashkinov · · Score: 4, Interesting

    Android has a lot more problems than you think and Google does nothing to solve it.

    We need a standard ARM platform, just like we've had the x86 platform since roughly 1981. And Google has all the resources to create and enforce it. And since they don't I wonder if they are malicious or negligent or it's just part of their business plan which is called "planned obsolesce". Too bad, in Google's case this obsolesce involves even original Google devices like Nexus 5 (stopped receiving any updates since October 2016) and it will soon be joined by Nexus 6.

    That's just horrible.

  5. Re:I'm in the 29% by whoever57 · · Score: 4, Insightful

    By "up to date", do you mean that you have the latest firmware installed, or that the firmware that is installed has all the security fixes to Android that Google has issued?

    IOW, are you sure your phone hasn't been orphaned?

    --
    The real "Libtards" are the Libertarians!
  6. I mostly blame carriers by p51d007 · · Score: 4, Insightful

    It doesn't fit the business model of carriers & manufactures in the android world. Why update it, when you can just sell gullible people a new one? Most people (I'm in the USA) still think you have to purchase one from a carrier, so when they walk in after hearing their phone is "out of date" given most consumers are well...not very intelligent...will be pushed into a new phone that has the updates already installed. Then, a year from now they will do it all over again.