Report reveals more than a billion Android devices vulnerable to security lapse
A new report by Which? Has revealed that over a billion Android devices are now vulnerable because they do not get security updates by Google. The report states that these devices are vulnerable to all sorts of threats, including those that can lead to the theft of personal data. The report paints a rather grim picture for the fate of Android users, but there is another perspective to the story.
The report goes on to paint a scary picture to a considerable length of the story, to finally reveal that the devices in question are Android devices launched in 2012 (or before). That’s devices more than seven years old. Typically, Google, and other OEMs promise security updates for up to 2 years. Google formally made this practice mandatory in 2018. The report also states that if a smartphone is running a version of Android released earlier than Android 8, the devices would be vulnerable too.
If we consider the state of iOS devices, it was the iPhone 5 that was released in 2012 and Apple’s current version of iOS does not support it. In fact, iOS 10, which was released in 2016, was the last version of iOS to support iPhone 5, mean that the device (and those before it) have been without security updates for 3 years or more. In fact, Apple’s current iOS 13 only goes as far back as the iPhone 6s, launched in 2015, leaving all phones launched before it, without any updates, security-based or otherwise.
The report by Which? does also mention that they acquired Android devices that were only three years old, but were not eligible to run anything higher than Android 7, leaving them devoid of the newest security patches. However again, it was in 2018 that Google mandated OEMs to provide a minimum of two years worth of security updates to Android devices. What has become clear, however, is that people are either still holding onto their old devices or buying older smartphones, to begin with. This means that the two-year guarantee of security patches is just not long enough. Given that smartphones are fast become the centre of all our activities, personal, financial and even professional. Securing them should be the foremost priority of those making them.
from Ten9Tech 1
Via Mishraji Technical