
One billion Android devices at risk of hacking - Hasknewbie
https://www.bbc.com/news/technology-51751950
======
outime
Not even spending several hundreds or even going beyond a thousand bucks will
save you from this on Android, and this is the reason why I try to avoid it
whenever possible. At least iPhones are expensive but you do have years and
years of updates (and no, not willing to change my phone every year or two).

~~~
CodeAndCuffs
I'm not super familiar with how Android does it's versioning, so I may be off
base here.

The article mentions the S6 being vulnerable, but it had its last update 6
months ago. It also says versions below 7.0 are vulnerable, but the S6
supports 7.1. It also says the most vulnerable are phones from 2012.

I don't think it's unreasonable to say an 8 year old phone may have some
security vulnerabilities. I personally don't know anyone with an 8 year old
phone. I'm sure they exist, but I don't think this is an Android exclusive
issue.

Further, Android is the defacto default OS for phones. Every shovelware burner
sitting in a bin at the convenience store is running some version of Android.
Saying "1 billion are vulernable" is surprising in that it's only 1 billion.

These include the phones that cops hack into by placing the phone in a machine
that tries every pin combo between 0000 and 9999 until it unlocks.

~~~
signal11
Android (the project) may release updates, but it's useless if the phone
manufacturers don't distribute them.

The article says

> According to the Android security bulletin, there were no security patches
> issued for the Android system in 2019 for versions below 7.0

But this doesn't really matter. The only way the vast majority of Android
users will get an update is if there's an "over the air" (OTA) update. Which
most device manufacturers don't provide. I've seen Samsung phones from 2016
which are stuck on Android 6, no security updates. I don't actively use
Android personally, but I suspect there are more recent phones in a similar
situation.

This is the crux of Android's problems re security updates.

The only consumer-grade phone I'm aware of that does a decent job of security
updates is Google's Pixel. Interestingly Samsung do provide security updates
fairly promptly for some models -- possibly because they're widely used as
corporate Android devices and their purchasers made security updates a
requirement.

~~~
death-by-ppt
From
[https://support.google.com/pixelphone/answer/4457705](https://support.google.com/pixelphone/answer/4457705)

"Pixel phones get Android version updates for at least 3 years from when the
device first became available on the Google Store".

My Pixel (1st gen) no longer gets updates as of a few months ago. I might
flash an open source Android ROM, such as LineageOS.

------
zepto
Project zero remains oddly silent.

~~~
ThePowerOfFuet
Interesting, isn't it? Paging Ian Beer...

