Slashdot Mirror

← Back to Stories (view on slashdot.org)

71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches (betanews.com)

Posted by msmash on from the security-woes dept.

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.

2 of 103 comments (clear)

  1. Flaw of the Android Ecosystem by CrashNBrn · · Score: 5, Insightful

    That the end-user can't get basic android updates directly is Android's major flaw. OEM's should of been required to support the AOSP and any changes should of been done via extensions to the AOSP. Thus any device could easily stay updated for at least their current major version of Android.

  2. Re:Because Manufacturers Suck by Anonymous Coward · · Score: 5, Insightful

    Microsoft, Apple and Linux distros, that is, the majority of the the OS vendors, manage to provide a mechanism to keep your system up to date independently of the hardware vendors and other "third parties". This support even extends to multiple architectures in some cases: x86 is the most common, but ARM is also becoming common (on Linux, you have even more: POWER, MIPS, etc).

    Can you imagine having to wait for, say, Dell to OK to every package for your next "apt-get update"? Or for Toshiba to give Microsoft the OK for them to make an OS update available to you?

    No, you can't. But this is the situation we have with Google. And people accept this for some reason. They even excuse it in Google's behalf, because they are so great (despite not being able to do what a bunch of "freeloading" "amateurs" can do on a shoe-string budget).

    There is no reason why operating system and user space upgrades need to be tied to the manufacturer. None.

    This situation is Google's fault and no one else's.