Android phones may be lower-cost, more diverse in terms of features, and (in my opinion) more interestingly-designed than their iOS competitors. What they are not, however, is more secure.
Every so often, security researchers find fundamental weaknesses in the Android operating system, such as this bug that lets attackers hack your phone with a malicious .PNG image file. In these cases, Google will dutifully create and release a patch – but what if your phone doesn’t get it?
Android Still Has a Fragmentation Problem
Due to a process called fragmentation, Android phones often don’t receive updates and patches in a timely manner. That’s because Android is a licensed operating system that’s often customized by third parties. For example, if you have a Samsung phone, your version of Android is heavily customized to include things like Bixby, the proprietary Samsung digital assistant.
Samsung’s version of the Android operating system is so heavily customized that when Google releases a patch for Android, Samsung needs to customize the patch in turn. This goes for all other manufacturers, including HTC, Sony, OnePlus, and so on. Additionally, carriers such as Verizon can specify their own customizations to the patch as well.
The cumulative effect of this fragmentation means that security patches for the Android operating system will arrive very slowly – if they arrive at all. As an example of how bad the fragmentation is, Google released an entirely new version of the Android operating system in the summer of 2018. As of September 2018, less than a tenth of a percent of Android devices were running the new operating system.
Many Android users are still running the previous version of the operating system – Android Oreo. This isn’t necessarily bad news, as Oreo is still being supported by regular updates and patches. A plurality of users is still using even older versions of the operating system, and some of these aren’t being supported at all. Using these devices is not a great decision when it comes to information security.
How do I Get Around the Fragmentation Issue?
Unfortunately, your options here are not that great. If you own a phone that is directly manufactured by Google – such as a Pixel or a Nexus phone, you will receive regular updates straight from the source. Other phone manufacturers, such as Essential and OnePlus, make a deliberate point out of processing patches for their phones as soon as possible – you’ll receive Android updates right away.
Of course, the phones listed above are relatively high-end products. If you have a less-expensive phone, or a phone from a lower-tier manufacturer, your options become more limited. The companies that make these phones have made the calculation that it’s cheaper to sell you an insecure phone with an out-of-date operating system. They’re very unlikely to invest the time and effort it takes to push out a custom Android patch. Your best solution may be to purchase a new phone.
There is a glimmer of hope for some Android users. Due to the uniqueness of each version of the operating system, it’s possible that you have an Android update queued up and you don’t even know it. If you suspect that your phone is due for an update, go to your phone settings, select “about phone,” and then tap the “check for updates” button under the system updates tile.
Protect Your Phone with More than Just Updates
If your phone isn’t a flagship Android phone and it isn’t getting updated on a regular basis, there are still some ways to ensure that your phone isn’t vulnerable to bad actors. Namely, you can and should protect your phone with a mobile antivirus suite that can protect your phone from malicious apps and hijacking attempts. Take a look at our list of the best antivirus programs for Android and select a provider that can help you avoid a hacked phone!