Hacker News new | past | comments | ask | show | jobs | submit login

Don't let the perfect be the enemy of good. Or in other words, I try to adjust my opsec/persec to a realistic threat model, not to my worst dystopian nightmares.

I think the point is that, Android is not what we would consider "good" security.

This is not about dystopian nightmares, this is about an OS where it's exceptional to EVER get an update, let alone get it in time.

If you go out to a shop and buy 100 Android phones, at least 99 will be running outdated OS versions with known security issues and no updates available.

But why aren't these Android phones getting hacked left and right, everywhere? Any idea?

Where I am (the Netherlands), Android is way more popular than iOS--I'm not attaching value judgement to popularity or otherwise, nor am I particularly doubtful of your claim that the average (cheap) Android phone is running an outdated version.

But if that's the case then what is going on?

Are they not juicy targets for hackers? (tons of personal information, botnet possibilities, seems valuable to me)

Or are they in fact being hacked quietly and we're not hearing much about it? Is everyone's cheap phone already part of a botnet and nobody realizes?

Is it perhaps that the exploits require physical proximity that hackers don't deem worth the risk?

Looking at active Android clients your claim might be correct (although I assume it is not 99%), but if he actually went out and bought a new "premium" phone which I assume most here would do it is most likely updated.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact