Monthly security patches are the most important updates you'll never get

Android is broken. We're all fans here, and I'd never want to switch to any other smartphone platform for my own needs, but we all know inside that Android is broken. The introduction of monthly security patches and how most of us aren't getting them only solidifies this simple truth.

Let me explain. Android is a huge convoluted set of source code files. It's not a stand alone product, as someone needs to build the actual product from those sources and distribute it. Any of us, with a little studying and some time, can take those source files and build an operating system out of them. Because most of it is open source, we can also change anything we like to make something unique. Google the words AOSP custom ROM — all of those people have access to the same code that Samsung or LG uses to build their "Android" with. It's fabulous.

Google encourages people to look through the code, try to break everything, be sneaky as hell and find security vulnerabilities in Android. Android may not be the most "open" open-source project out there, but the way they encourage others to find bugs and exploits is really great. Cash incentives work really well for a lot of things.

We're promised monthly updates, but instead we get a few updates on specific versions of a small handful of models. And a bunch of broken promises.

Once a month, since August of 2015, they take the information other people have given them about bugs and exploits, and edit the code to try and prevent it from happening. Code maintenance and security patching isn't fun or easy, but it's part of responsible software development — take care of your users. They then publish these changes, both in the code itself and as a bulletin so we know what they did without looking at code commits, each month. Nexus products get a small OTA security patch soon after.

Google's partners who make the phones we love get the changes a month in advance so they can also be ready to update as soon as they can. Some, like BlackBerry, are able to push these updates right away, with a short delay for carrier branded (remember this, it's important) models. Others take a little longer, and some phones will never, ever get any security patches.

These are the important updates. We all love the idea of getting new features and a new version of the operating system, but these patches are what you need to make sure the phone you keep your digital life inside is fit to use. Read some of the exploits addressed the next time Google announces their monthly patch notes. That's some scary stuff, and one day someone is actually going to release some bad software that takes advantage of all the unpatched phones. A bonafide Android security apocalypse is a real possibility.

That is broken. That needs fixed.

Security patch level under 9000

But fixing it is almost impossible. Companies modify the source code in ways that Google's updated code can't just be dropped in and everything rebuilt. Maybe they shouldn't be messing with the core of Android itself, but it's open and they can. Remember, companies want Android to work with their software and services as well as they can make it. This means they have to do much of the work fixing these issues themselves, and that takes time. And they have their own security issues to worry about with software they wrote in-house.

Companies get in the code and muck with things because it's open, and they can.

Sometimes, these companies also make "special" variations of their phones for carriers. Just because your phone says Samsung Galaxy S6 on the back doesn't make it the same as the one made specifically for Verizon or AT&T from a software standpoint. These phones are made to the carrier's specifications, and they get final say over software changes. All of this makes the complicated process of updating a phone even more complicated. Add in the fact that people building phones think some models aren't worth the time and money it takes to update them (and that is even more broken) and all of this is why most of us aren't getting the updates we deserve that make our phones safe.

We all want Google to step in and fix all of this, but the way Android works makes it almost impossible. Things could be re-written so that the code is more compartmentalized and certain areas could be independently updated (kind of the way Google broke out the web view component) but that would mean almost starting from scratch. And companies would still get in and muck with things because it's open, and they can. Then we're back where we started. Some people even think Google should stop allowing companies to use their services if they can't keep their phones updated, but legal issues mean that will never happen. Stop saying it.

The only reasonable way to fix this whole mess is for companies using the Android code to build phones (and tablets, and laptops and microwaves) to be more responsible. We thought that was going to happen when people like Samsung and LG promised monthly updates, but instead we got a few updates on specific versions of a small handful of models. And a bunch of broken promises.

We're going to see a slew of new phones from just about every company out there at MWC in the coming days. Unfortunately, most of them won't be getting the updates they need to keep them safe and secure. Remember this when you spend your money on your next.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Shout out to Lenovarola and Verizon.. Posted via the Android Central App
  • It's fabulous The tip is not included! So tip your Uber driver.
  • What about dropped Nexus devices. My Nexus 4 still runs pretty well, and I guess I'm grudgingly okay with it still being on Lollipop. But I still need security updates. I think I may have gotten one or two since Marshmallow came out, but I'm not sure. Anybody know whether it's Google's official policy to keep these devices safe?
  • That phone has seen more than enough support now. You can't expect them to update it forever. Even with just the monthly patches.
  • Wow. This is kind of scary that buying a phone from certain companies can mean a sacrifice.
  • Yeah, it's scary enough that for me, also a BlackBerry 10 user, that I'm thinking that my next Android device has to be Nexus, BlackBerry, or no more Android for me. I'm currently using a Q10, Galaxy S5, and a Nexus 7 2013 for the most of my computing needs. I feel the BlackBerry is quite secure, I feel that the Nexus 7 being a Nexus device is reasonably well updated and secure enough, while the S5 saw the November security update and nothing since. That also included a few changes from Sprint which caused a complete loss in connectivity by the way and I had to swap out the phone because Sprint couldn't figure out how to fix it. I don't feel that safe using it. Flicked via the BlackBerry Keyboard on my S5
  • Android isn't broken Samsung and LG are. The two companies who ruin a perfectly good operating system. Posted via the Android Central App
  • I slightly disagree, some ways samsung and lg ui enhances android but other times it degrades. If all android oem only used stock android it be like cough ios cough... Posted via the Android Central App
  • Umm. No. Posted via the Android Central App
  • Dual Window Enough said A small loan of a broken G4
  • Eh, LGs dual window implementation is seriously limited compared to Samsung. It is what it is. Posted via the Android Central App
  • I'm not just stating LG's implementation. Samsung's one is excellent. A small loan of a broken G4
  • Either way it's there. Not so much for vanilla. Posted via the Android Central App
  • True. I had to root and download an app to enable all apps to be included in the multiwindow selection. Posted via the Android Central App
  • Its all about control, Apple have control over iOS so in term of fixes and updates they are faster than anything.. Google owns Android and they can provide faster updates to nexus cuz its not tie to any operator, almost all Nexus runs same OS.. but with Samsung, LG or others they have carrier mess and also for each region different configuration.. everything aside they have there own skins(even OEM without skins can't do things better) this can only be fix by having control.
  • And that's exactly how it should be at this point. We all went through various manufacturers, me - HTC & Samsung before I went nexus. Nexus is by far the best. Android at this point should only be 1 os with no skins. Manufacturers compete on hardware. Or take the Moto & Blackberry approach and only slight modification so you can actually update it. Posted via Techmology
  • Google just needs to make it a REQUIREMENT to use the google apps that a security update of base files must be able to be pushed from google. Obviously a restucture would have to be written but they need the control like apple has. OEM's can still modify whatever (look at what you can do with a nexus, stock android, and a little time) but they would obviously have to change the way its done. period.
  • They tried to encourage manufacturers to build "stock" versions of their flagships, which would get updates quicker. "No one" bought them. So we only have ourselves to blame.
  • Well, it's hard to buy something when it's not available for purchase. If the Google Play Editions had been more widely available, maybe they would have sold better.
  • What?? Posted via the Android Central App (Motorola Nexus 6 - US Cellular)
  • But those themes tho.. The tip is not included! So tip your Uber driver.
  • My last security update was back in December. Scary. Posted via the Android Central App
  • Yet you don't say what phone or carrier you are over. Fud Posted via the Android Central App
  • I sold my AT&T S6 Edge+ a month ago. At that time it was on the October security update. Verizon was on November and T-Mobile was on December. It's no FUD. All of us Android fans who are burying their heads in the sand because it's easier or because this supposedly hasn't impacted that many people yet are not doing anyone any favors. This needs to be fixed, and the primary culprits ib my view just based on the example I gave above, are not Samsung and LG, but rather the carriers. The only major changes that AT&T made to the stock S6 Edge were a bunch of bloatware apps, and not allowing the Hotspot button to be used as a shortcut. There is absolutely no justification for them to delay the security updates beyond a week or the after Samsung releases them, and Samsung releases them within a week or two of Google for their latest devices. Posted via the Android Central App
  • Actually it isn't so much the carrier as it is Samsung in this case. I don't thing you'll find a Samsung phone on the planet with with a security update later than December
  • My dad's Galaxy A5 2016 is on the January patch. Doesn't seem to work with US LTE bands, though. :/
  • For any Galaxy S or Galaxy Note phone less than two years old, it's all because of carrier agreements. While Samsung really needs to update every model less than 2 years old, they also need to tell the carriers to go to hell and renegotiate their contracts. Set up their own financing program and sell phones direct. If anyone can do it, Samsung can. And I'll buy one every damn year to support them.
  • If Samsung sold an unbranded unlocked device directly to consumers, I'm going for that option. I'm getting tired of dealing with carrier BS, which is why I always use unlocked devices, even if some don't work on all US LTE bands. If OEMs sold unlocked devices directly, I'm going for that option.
  • Sadly even a unlocked Samsung means EFF all. I got a unlocked s6 and it's not received a update since last year. It's simple really , Samsung and updates just don't go together. Great hardware but support is pathetic. It's why am thinking of switching to a Nexus when the new Nexus devices come out. Posted via the Android Central App
  • Agreed, I loved my Note 5 which is sitting a foot away from me with a dead battery and unused for two months now. I would buy an unlocked full bands phone that can be taken to any carrier. Actually I'd buy two one for me one for the wife.
  • Samsung unlocked would be the dream. Posted via the Android Central App
  • I'd buy one for my family and every friend who prefers Samsung (not a fan myself, but can certainly respect what they bring to the table). I'm still holding out the fleeting hope that the only difference the carrier versions of S7 variant devices will have is a tramp stamp and a delete-able preload of whatever carrier account management app (my Verizon, etc.) the phone comes on. I'm hoping for 2 maybe 3 SKUs worldwide for each S7, G5, and M10 device (really all OEM's but I'm not nearly that optimistic) Posted via something running something it's not supposed to...
  • That's what we have here in germany. Posted via the Android Central App
  • I agree. I have the HTC One m8 and the last security update I got was many, many moons ago. I keep coming on Android Central hoping to see an announcement that I will be seeing an update soon. This will be the last carrier branded phone I buy. From now on, it will be Nexus/ GPE or whatever gets me the regular updates that are supposed to keep us as secure as we can reasonably be. Posted via the Android Central App
  • I have the m8 and it was updated in January with T-Mobile. So I'm up to date. Until that point, received one in December, but not anything before that. So I've gotten the last 2 patches with T-Mobile htc one m8. Posted via the Android Central App
  • I can't use T-Mobile since I live out in the country and wouldn't have good coverage. I think I will convert mine to Google Play Edition if it looks like that would solve the problem. Posted via the Android Central App
  • Note 4 and Verizon. Posted via the Android Central App
  • Mine was Oct... Worse..
  • Unlocked Galaxy S6, XEU European model, not had any updates since September. This is an UNLOCKED, not on network, device Posted via the Android Central App
  • The story might have mentioned which companies do provide regular updates (hello Google Nexus and BlackBerry devices) ;)
  • Sad thing is that Google Nexus is not as widespread as the others. Second, Blackberry does it because it only has one phone? Is that correct? Does it have one? :P
  • This site won't let me edit my own incorrect comment. The nexus devices ARE mentioned. My bad.
  • It does. You just have to do it within 15 minutes. Not unreasonable Posted via the Android Central App
  • Sometimes, it won't allow you to edit after one edit. You have to refresh the page.
  • So in other words, someone needs to use a hack that Google fixed months ago to hack into some phones...that'll hopefully fix the lack of updates issues Posted via the Android Central App
  • My last security update was 11-1-15
  • Do we get to hear Samsung and LG'S side of the story as to why these updates aren't happening like they should? Probably not. Posted via the Android Central App
  • The lack of transparency is puzzling.
  • That would be a great start. "We are working on fixing XXX on your XXX phone. In the meantime, please be careful and follow these tips to keep your XXX phone secure ..."
  • I never even thought of that, just an info release alone would be 10k times better than the current situation. Posted via something running something it's not supposed to...
  • I read the wonderful back story of the Galaxy S2 update bricking phones. From that read, it doesn't sound like Samsung has any interest in software maintenance. With as many devices as they have and all the variations, they'd never to be able to keep up to date. They'd have to overhaul their entire ecosystem, and then it would only be for moving forward. And even then, it would be rely on integrity to not implement workaround and kludges. For any manufacturer, software support is an expense. Its not something that makes the company more valuable. From their perspective its more important to keep up in sales to stay ahead. And the average end user, who doesn't deal in the technical side of devices, won't care. The short sightedness of this pattern is that as consumers realize the actual cost of their phones, they might start holding onto their phones longer. Which in turn means they should factor in to their purchase considerations software support.
  • I'm good to go. Posted via Nexus 6 running on any data plan I want
  • Yep Posted via the Android Central App (Motorola Nexus 6 - US Cellular)
  • Who here without a nexus as a daily driver fell victim to a hole in their phones security.... I'll wait.... Posted via the Android Central App
  • I use that argument frequently. It's going on years without a notable incident. Still more money in hacking store POS systems and company severs. And considering the money and profit surrounding it, probably more money to be had hacking iOS. Posted via the Android Central App
  • Nothing has ever happened until the first time it happens. Posted via the Android Central App
  • That borders on a paranoid statement :) It is nonetheless true but it also about choosing whether or not to live in fear all the time.
  • No problems here Posted via the Android Central App
  • You good? I'm good. We have a boring phone with no features. Oh well. I need a cab. Posted via Nexus 6 running on any data plan I want
  • LoL Posted via the Android Central App
  • Yes you are right, we do have boring phones with no features. But hey we get to be beta testers! Posted via the Android Central App
  • This. We are all beta testers!
  • And this is the purpose of the press. Don't slaver over the latest Samsung, or Verizon Droid, etc. Call them out, keep calling them out, fail them on reviews until they prove otherwise, get the general press/media on board. Otherwise, they're complicit in the problem. Posted via the Android Central App
  • Absolutely right. But then the press should call them out on battery life, launching without the latest version of Android, poor sound, dim screens...
  • Look, this seems like a pretty easy fix. Google has recently started updating core programs through Google Play instead of the firmware update process, yes?
    Why can't more core files be updated the same way? This bypasses the carriers and even the manufacturers...At least on some levels...this can be done can update Chrome, GMAIL, messenger, hangouts, etc. Google had plans to build a modular phone, which is brilliant...want a nicer camera later? Done. Morr ram or faster cpu? Better flash or bigger battery? Done.
    This same idea should be applied to their OS. Posted via the Android Central App
  • Well the modular phone thing isn't going to take off. Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • Welp it may in countries like India.. The tip is not included! So tip your Uber driver.
  • See the trend in what you're saying? You can update software that Google has complete control over. Nobody else. Google could (in theory) break out, let's say, the Bluetooth stack. Write an updater program that can make sure you have the latest version installed, and put that updater app in the Play Store. But it won't work with Samsung, HTC, Lenovo, LG or any other company that changes the Bluetooth stack. These companies feel the need to alter the core system files so that they work better with their hardware. Often, they do work better. But Google can't fix any of it.
  • So how about this. Let Google force the issue. So they update a core file and give Samsung, LG or whoever a months lead time on it. Tell them simply that this is the way it is and if you don't comply with the fix, your phone may break. Update it anyway and put the oems feet to the fire Posted via the Android Central App
  • +100 Posted via the Android Central App
  • Because then Google screws every user except the 1.1 million with a Nexus phone. Purposefully screws the user to try and teach an OEM a lesson.
  • I get that but I would think that blowback would go back to the OEM at that point, Google gave them enough time. Tell them now that a year from now this is the way it is going to be.
  • That's a lot of beer Posted via Nexus 6 running on any data plan I want
  • because in the USA, carriers want to bloat the ecosystem. Somewhat real and hypothetical example, AT&T gets a deal from Facebook to add all the FB apps to an Android device. In order to ensure the deal, they install the app and prevent it from being uninstalled. Then to make it even more intrusive, they want to tie all their software ad generating software into the phone as well.
  • "A bonafide Android security apocalypse is a real possibility." - sadly, that's one of the possible ways it would take to get things to change. If/when someone manages to steal money from thousands or even millions of people through data stolen from phones via a known and patched bug that OEMs never implemented (either due to their own cost control measures, or due to carrier limitations) - lawsuits over negligence will happen. The OEMs and carriers will at that point finally see the financial risks of not changing things. But, it will take a lot of pain and loss for consumers for that to eventually happen.
  • Just posted pretty much the same sentiment. You are 100% correct. Posted via the Android Central App
  • Yep Posted via the Android Central App
  • The question is why just because it's my phone's software that means the update channels are so drastically different than my PC. Example: the machine I carry with me everyday is an Ubuntu pre-loaded system from Dell. The version of Ubuntu is based on 14.04 LTS but is Dell's custom version. My updates don't come from the OEM though they come directly from Canonical. Same if I were to buy a Windows machine from them or any other OEM. Why is it so drastically different when it comes to OS patches on my smartphone? Posted via the Android Central App
  • Because in the case of Windows, it isn't open source. No matter what the OEM is, it's still the same windows os. As for the custom version of Ubuntu, I can only assume that either Dell is paying them to maintain it, or it isn't modified enough to require any special updating. This is just a problem with open source software, as much as I love it. Not everyone who modifies it is responsible enough to keep it updated. There are plenty of abandoned open source projects, it's just that they're user base is probably smaller than say samsung's. That means fewer people are effected. Think of TouchWiz as a Linux distro, then imagine the project gets neglected, now it makes sense. Posted via the Android Central App
  • I think the other issue is that there isn't something like a DLL or other machine independent translation layer to a system like Android - every version has to be at least mostly hardware specific. If Google/someone can figure a system like this out that doesn't absolutely destroy system performance we may see easy manufacturer independent updates but we're stuck with variants of the current system until then. Posted via something running something it's not supposed to...
  • The issue with DELL is that they muck around with the hardware. I found when upgrading my DELL laptop to windows 10 that there are driver problems. The component manufacturers each their hands of it because DELL has tweaked the item. DELL say my laptop is not supported for Windows 10. But they've long ago stopped providing firmware or driver updates for Windows 7 that it shipped with.
    DELL also ship the machine with a lot of extra apps and programs.
  • This is the reason people get a iPhone they have their hand held, and some people like that, this is ridiculous. Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • Another big reason people get iPhone is because they buy crappy androids have a bad experience and then they think this is what Android is like and then become iOS fans. The tip is not included! So tip your Uber driver.
  • I've never bought a low end Android phone and I'm seriously considering iPhone in November. Android has problems, I'm tired. Posted via the Android Central App
  • I honestly don't blame you it's sad. Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • Count me as another. Posted via the Android Central App
  • Everyone I know buys the 16GB version of an iPhone and also has a lousy experience...The folks least able to manage 16GB are also the most likely to buy it..2000 photos later they wonder why they do not have room to update it to a new OS. Posted via Serenity
  • But Damm does that software just work See what I'm saying? Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • I find nothing that "works" in an iPhone anymore that Android or the BlackBerry I use. We use iPhones for work and I hate it. I reboot constantly. Apps that frequently crash. Email that stops working till I reboot. And the need for iTunes is more than enough for me to use anything in my personal life other than an iPhone. My wife has used iPhones for 5 years and cannot stand the poor battery life her iPhone gets. She also has to delete and reinstall her apps every couple of weeks. Every new OS download makes a phone a generation or 2 old worse in my experience. Nothing good here. The only complaint from other Android users I know is battery life. But then they all have everything going in the background all the time or are playing ridiculous games that call for heavy processing and they have a QHD display. Take that away? Easy full day use and up to 2 full days. Posted via Android Central App
  • I have never known anyone with an iPhone that has the problems you have. IPhones don't need the same resources as Android phones. I have more apps on my old iPhone 4 which has 8gb memory than on my HTC M8S which has 16gb and is almost full. The battery was asks much better on the iPhone 4 which would last me all day at work and a full night of web browsing, YouTube, emailing etc. The HTC M8S has great battery life if you have it on extreme power saving mode and don't use it. Once you start using it the battery percent drains in front of your eyes. This is with a battery of somewhere like 2600 mah compared with 1400 mah in the iPhone 4. My Nexus 5 also suffers from the well known battery issues. Even my Windows phone kills my android phones on battery life. I really want to like Android but the next time I upgrade my phone I will probably be going back to iOS. Posted via the Android Central App
  • The 16 GB iphone needs to go away already except for the economy models.
  • This issue isn't about having your hand held, it's about having a secure phone.
  • stop stereotyping ALL iOS users are dumb sheep. iOS is not about hand holding. I know that my iPhone WILL get the next security update, it WILL get the next OS, DAY ONE, not 6-12 months AFTER it's released. iOS my not be customizable as android, but when it comes to running apps, it does it as well as ANY android phone on the market, and Most of the time, even better since the code only has to be written for One OS, not 7500 variants taking the lowest common denominator into account. I use both android and iOS. iOS with a mac and using the ecosystem together makes for a very good experience.
    Besides customization and main screen widgets, android honestly doesn't have one damn thing that iOS doesn't have. all phones Run Apps. and iOS and iPhone does that extremely well. and it gets security and OS updates immediately. something android will NEVER be able to do unless every single person buys a Nexus. which will never happen.
  • This article is good, but should have given props where they are due. BlackBerry had updates out to the Priv before Nexus Posted via the Android Central App
  • Part of the reason I rock Nexus devices exclusively. I just retired the wife's first gen Moto G because it was on Lollipop and she refused to secure it with a PIN. Now she has a Nexus 5X and uses the fingerprint lock. I feel better... Posted via the Android Central App
  • My Priv is an amazing phone and with blackberry security it get updated every month. . Posted via the Android Central App
  • It must be a pretty good device. They sell very quickly on SWAPPA. Posted via my Nexus 6P!
  • I've gotten every monthly patch, because I bought a Nexus. They now work on every single carrier. If you care about security, you buy a Nexus, otherwise your cries fall on deaf ears.
  • DING DING DING DING DING it sucks but thats the deal for now. Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • The problem is Nexus devices have their limitations. I'd buy a Nexus 5X (because of the security benefit) if it had significantly better battery life since this is a key aspect of a phone for me. We need more choice of devices with frequent security updates.
  • Unfortunately, Nexus devices DON'T work on EVERY carrier, because some carriers require customized ROMs for service (like Republic Wireless). So customers are trapped between getting a service they want and getting a phone that they want.
  • So Jerry....... As of right now you believe people should buy a nexus? Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • I don't know, I think all of this security scare mongering is over blown on the cell phone front. Chicken Little. You have heard of Chicken Little? Right? Jk Posted via Nexus 6 running on any data plan I want
  • There are a couple others. The Priv comes to mind, or the Robin. Anything that's running software more than 30 days old should be a no-buy for anyone who values their personal data.
  • So, basically switch to iPhone if you want security and a good phone. That's the point I'm at. Android has truly gone to hell after 4.4. Posted via the Android Central App
  • Just be sure you always have a Nexus that's less than 3 years old.....
    No love for the 2012 Nexus 7
  • I'm not the type who's paranoid about security, so I don't really get excited over security updates, even though I would like to have them. For the record, my G4 right now is on the December patch. and there's no update for it. It's an unlocked unit too, which is puzzling. Sadly, the only way these OEMs are going to care is when a mega-security breach that takes advantage of a flaw happens and every device which doesn't have an update that patches that is affected. You'd get a Nexus if you really do want those security updates, but for me, I never do stupid crap on my phone, so I'm not too concerned over that. Plus, I need expandable storage, so a Nexus isn't really an option for my daily.
  • The whole solution is Google having strict policies with OEM's with software updates. It like if I buy Honor 5X today, in a year time it will never get another software update, which is bad. the amount of devices still stuck on Kitkat is abnormal Posted via the Android Central App
  • Thing is... I don't think Google could force OEMs to supply or guarantee updates. In fact, I've seen a few Android devices that didn't even have an option to check for updates... period... so what ever it's shipped with... that's it.
  • The likelihood of being affected by a hack or malware is so remote. Just be smart about things like not opening MMS from people you don't know and you'll be fine. Stop worrying. I have a nexus and am not even up to date. I can't be bothered unrooting just to patch my phone for something that's probably about as likely to affect me as winning the lottery.
  • +1 Posted via Nexus 6 running on any data plan I want
  • I would advise you to investigate the trust zone vulnerabilities as addressed in the January patch. The "it won't happen to me because I'm too smart" approach doesn't help you, or anyone else.
  • Thank you Jerry. People who think that these vulnerabilities can only impact others who are not careful or do stupid things have not read the descriptions of the vulnerabilities. Posted via the Android Central App
  • Has anyone actually been hacked and victimized because of these holes in security? I haven't seen an article that's stated that. Android Central App | S5 G900A kitkat root
  • A few people, mostly outside North America and western Europe. I do believe there was an issue that affected 10,000 - 50,000 users in Asia a few years back. As of now, nobody has really tried to go after users in the west. I'm not sure why.
  • I would wager that it's because Westerners mostly use iPhones. At my work I'm one of 4 people with Android. Everyone else has iPhone. Android has the largest market share because of China. Posted from my Nexus 6.
  • The same holds true for me. If the 14 in my office and 22 in my company, only four of us (18%) do NOT have an iPhone. Now scale that number up to a company with thousands of employees. Which US OS would be the more lucrative hack? Hasn't it been shown that iOS users are both more affluent on average and spend more money on and using their phones? Criminals go where the money is, yes? Though I suppose there is money in selling stolen personal identifying data too. Posted via the Android Central App
  • More than half the market in the US uses Android. In Canada and Europe the numbers are much higher. Android has the majority of market share just about everywhere.
  • Security patch level 01-01-2016 on my LG G-Stylo on Walmart family mobile aka T-Mobile. Honestly I never really look at this but good to see a somewhat recent date there. It's a relatively cheap phone but it performs well. Coming from the original LG Nexus 5 that broke after it fell on carpet (wtf) followed by a LG G3 that wasn't as good of a swimmer as me (lol) I am happy either way it is a solid little phone. Posted via the Android Central App
  • That's the most important update to have for now. January's patch fixed some really, really REALLY bad stuff.
  • My unlocked Moto X pure edition is only on the November 2015 security patch. Now I'm scared. Posted via the Android Central App
  • The thing I love about my iPhone 6s Plus is that it's always getting updates. This needs to happen on Android devices.
  • Unfortunately, that is not very likely to happen. The Android UX differs between devices, so it's not easy to update all of them.
  • Nexus 6p no problem!
  • My next phone will be a Nexus device. Peace of mind is priceless! Posted via the Android Central App
  • This is nuts! Come on companies, talk to us. I so envy Apple fans on this.
  • True Posted via the Android Central App
  • Buy a Nexus device. :-) Posted via the Android Central App (Motorola Nexus 6 - US Cellular)
  • I have a Nexus. But I don't want strictly Nexus devices from here on out. I like variety. That's precisely the reason I left Apple behind. Posted via the Android Central App
  • When will they pyridine an equivalent to the galaxy note series?
    Posted from my nexus 5 running Android 4.4.4, cos I detest the look and feel of Lollipop and Marshmallow!
  • The silence is eerie on this one
  • I dont even like to deal with anybody other than googles phone.. I will never understand why if u want android u will go with 3rd party devices software is garbage and u get little to no update but little patches to fix the crap software thats covering android os Posted via the Android Central App
  • Guess it's going to take a class action lawsuit once a security hole is exploited. Millions of at risk phones infected on the shoulders of empty promises from Samsung/LG/etc. Nice.
  • Had my Nexus 6P for a week and am completely updated. I love it!!
  • I think the article is spot on except that in my view, the even bigger culprits here are the carriers. Samsung at least did publish security updates within a week or two of Google if only for their latest devices, which isn't right. But the carriers "additions" to the phones are 99% bloatware that would not be impacted in any way by security updates, and 1% blocking or hiding features they'd prefer we don't use often like the ability to add mobile hotspot to the notification bar shortcuts. The fact that when I sold my AT&T S6 Edge+ for this very reason (and got a Nexus 6P), and at that time (late January), T-Mobile's variant of the S6 Edge+ was on December, Verizon's was on November, AT&Ts on October, but international unlocked versions were on January shows you where the main problem is. Ironically Samsung in this case has made many more changes to the OS than AT&T, yet they can sort it out in a few weeks. Let's not forget that the reason the iPhone has this advantage over non-Nexus Android phones is that Steve Jobs was smart enough to start selling the iPhone exclusively through AT&T on the condition that they not be allowed to add bloatware. It worked and by the time the exclusive was over, all of the other carriers understood that if they wanted to sell iPhones, they couldn't get up to their usual BS. At the time they justified all this bloatware crap by saying they were heavily subsidizing the phones with their multi-year contracts. But now most of them are getting rid of those. So what's their justification now? Nothing. Posted via the Android Central App