Why can't older Android devices be updated to the latest version?

[mellandroid]

I found out through a show called security now that there is a malware called strand hog 2, which impersonate apps and take log in information and this is corrected only version 10 of android.

why can a older Android phone not be updated to a newer version like a P.C. In many case phones have more than enough memory to perform the update so what is preventing the update to the latest version of android?

 

[hallux]

It's an old article and graphic, but still applicable today..

https://9to5google.com/2013/12/26/h...are-update-process-with-one-long-infographic/

The bottom line is that at some point the one of either the device or SoC manufacturer decides it's not financially beneficial to update a an SoC or device. Plus, Google only guarantees updates for 3 years after release for the Pixel devices which gets them I believe 2 OS updates and a further year of monthly security patches.

 

[Mooncatt]

The OS has to be tailored to every specific device. There is no universal OS version that you could install and expect everything (especially calls) to work.

I think that episode of Security Now is the one I just started listening to. I'll likely finish it tomorrow, and provide my feedback if necessary. A lot of these "doomsday" sounding vulnerabilities require additional actions on your part to get infected, so I'm interested in getting to that segment of the episode.

 

[Mooncatt]

I just finished the Security Now podcast.

First the bad news: Yes, Strand Hog 2 is a nasty one.

The good news: The chances of being infected are extremely low from the sounds of it.

From my understanding, this is limited to targeted attacks. That would mean an attacker is trying to target you specifically, which is usually only a concern for high profile individuals (they used the example of "state actors") and not random users like us. Even if you are targeted, the attack must be initiated by installing a malicious app. Doing that typically means installing one from outside the Play store, such as from phishing emails or using apk downloading sites. As of right now, the malicious app(s) are not available on Play, which does scan for this sort of thing.

I wouldn't be overly concerned about this as long as you practice the usual safe browsing and usage habits. I would be especially vigilant to only install apps from the Play store or direct from a trusted developer. Also, it's a good idea to stick with established and well known apps vs trying to use a clone, even if it's an issue of paid original apps vs free clones.

If anyone else wants a listen, the SH2 topic starts at 1:11.08 into the video here:

https://youtu.be/uxWxj094BeA