Half of all Android phones weren’t patched last year
Delays in Android updates could be putting users at risk.
In an update on its security blog Google has patted itself on the back, noting that some 735 million Android devices received a security update in 2016 across an impressive sounding 200+ manufacturers.
Android’s open nature has given it immense flexibility, but at the cost of potential security, because any open system is one that’s open to exploitation. That figure is also somewhat concerning when Google itself notes that there are more than 1.4 billion Android users. In practical terms, that means that at least half of all Android users didn’t get an update covering security issues for their devices last year.
Why doesn’t Google force security updates?
The issues around updates to Android phones are complex, and the only current phones that Google retains the kind of control are its own Google Pixel and Google Pixel XL phones. If you’re using one of those, you should receive updates as soon as Google pushes them live.
For other phone manufacturers, it’s a much more complex affair. Updates have to pass muster first with the manufacturer itself, and that’s a process that involves testing across as many variants of a phone as it produces. For some phones across international territories that can encompass six or more variants for a single phone model.
Even then, the jumping through hoops isn’t necessarily done, as the patches (as distinct from full operating system updates) also generally have to pass muster with individual telcos, concerned that any security update could have an adverse effect on network performance. If you’re using a phone supplied by a telco, or often one that’s had carrier settings implemented, you may well end up waiting for their approval to officially grab security updates.
To be fair, matters here have improved in recent years in terms of absolute timeliness, but it’s a big jump away from the iOS model, where Apple retains absolute control over its operating system updates. The flip side of that particular issue is that any bugs or flaws in iOS are far more likely to spread widely due to Apple’s ability to push out updates itself.
What can I do to keep my Android phone safe?
It’s worth keeping up to date with any security updates as they appear, even if they’re a little late. Typically for most Android phones you should receive a pop-up notification alert when they’re ready, but you can always check for them, typically under Settings>About Phone or Settings>Software Update depending on your make and Android version.
The other aspect of keeping your Android phone secure is ensuring that you’re only installing apps that come from reputable sources. Google’s own Play Store remains your safest bet for such installs. While it’s not unheard of for dodgy apps to pop up in the App store, Google is rather aggressive when it comes to removing them. As per the company’s claims, it dropped the install rate of Trojans by 51.5 percent compared to 2015. Hostile downloaders dropped by 54.6 percent compared to 2015, backdoors dropped by 30.5 percent compared to 2015 and finally phishing apps phishing apps dropped by 73.4 percent compared to 2015.
It’s also worth keeping an eye on the kinds of permissions that individual apps require when you install them. In some cases it’s fine for an app to have access to the camera, because it may need it for operation, but does it really need to access your system’s SMS facility in order to function? If an app seems to want a lot of permissions to perform relatively mundane tasks, it’s worth considering its reputation and whether other, less invasive alternatives are available, especially for free apps.
Finally, if you're using a much older Android phone where operating system updates have ceased to be offered by manufacturers and you don't fancy going down the myriad rabbit holes that flashing the operating system itself entails, it may just be time to look at a new handset. The history of manufacturers offering upgrades for older Android phones isn't rich with long tail upgrades, so from a security standpoint often upgrading the hardware will be the most sensible step.
Follow us for all the latest mobile phone news and deals