How important are security updates?

LeoRex

Retired Moderator
Nov 21, 2012
6,223
0
0
Visit site
The majority of Android phone users worldwide are running Marshmallow OS and no longer receive monthly security patches... And it isn't a problem.

And a third run Lollipop or earlier and for the most part, it's those grossly out date phones that are usually the target of attacks, of which there are many. Easy pickings.

But that can change... So I'd rather be as up to date as possible for my own peace of mind. It's as the old saying goes, 'you don't have to run faster than the bear... '
 

Morty2264

Ambassador
Mar 6, 2012
22,922
1,053
113
Visit site
And a third run Lollipop or earlier and for the most part, it's those grossly out date phones that are usually the target of attacks, of which there are many. Easy pickings.

But that can change... So I'd rather be as up to date as possible for my own peace of mind. It's as the old saying goes, 'you don't have to run faster than the bear... '

Very good point, and a perfect analogy behind it... 😁.
 

chanchan05

Q&A Team
Nov 22, 2014
8,519
0
0
Visit site
Cite the news reports of hacked Android users on phones no longer receiving security updates. (No, I won't hold my breath)

This is a false presumption because many people don't know they've been hacked or know they've been compromised. For example, the Cambridge Analytica data leak has been ongoing for several years before it was found out. Malicious hacking is not ransomware. People won't even know they've been hacked and their data stolen. So even if there is no news, it doesn't mean hacks don't happen.
 

Ry

Moderator Captain
Trusted Member
Nov 16, 2010
17,656
214
0
Visit site
It will take a major breach - an exploit actually exploited - for me to change my stance.

3 to 4 security updates per year is acceptable.

OS updates aren't necessary.
 

LeoRex

Retired Moderator
Nov 21, 2012
6,223
0
0
Visit site
Lol... Keep selling fear...

There has never been a large, financially punishing hack of Android.

Just dumb people with easy passwords...

Normalcy Bias

Just because it hasn't happened doesn't mean it won't happen.

The Android platform, as a consumer product, is only about 10 years old.... and now runs billions of devices worldwide. Nearly all the security problems that have occured have come from devices that were running old, out of date versions of Android and often loading apps from untrustworthy sources. Remember the good ol' days when you could run an app that could root your phone with a single click? Well, there are a ton of phones out there in the wild running that generation software, owned by people with a similar attitude.

But the problem goes beyond "my phone is up to date, I'm cool" See... you aren't. Hackers are getting much more sophisticated now and the primary attack is just a stepping stone. Remember that huge Target credit card breach from a year or so ago? That all started when some unsuspecting schmuck accessed the wrong site from the wrong poorly secured computer. One dude... one computer.... millions of people affected. IT departments across the land are scared crapless at the possibility of an incursion caused by a clueless/indifferent employee exposing the wrong bit of info on his junk old phone.

So while I own one of the most secure phones available, the fact that a rather huge chunk of the active phones out there are trivially easy to crack means that I am still at risk.
 

Morty2264

Ambassador
Mar 6, 2012
22,922
1,053
113
Visit site
Normalcy Bias

Just because it hasn't happened doesn't mean it won't happen.

The Android platform, as a consumer product, is only about 10 years old.... and now runs billions of devices worldwide. Nearly all the security problems that have occured have come from devices that were running old, out of date versions of Android and often loading apps from untrustworthy sources. Remember the good ol' days when you could run an app that could root your phone with a single click? Well, there are a ton of phones out there in the wild running that generation software, owned by people with a similar attitude.

But the problem goes beyond "my phone is up to date, I'm cool" See... you aren't. Hackers are getting much more sophisticated now and the primary attack is just a stepping stone. Remember that huge Target credit card breach from a year or so ago? That all started when some unsuspecting schmuck accessed the wrong site from the wrong poorly secured computer. One dude... one computer.... millions of people affected. IT departments across the land are scared crapless at the possibility of an incursion caused by a clueless/indifferent employee exposing the wrong bit of info on his junk old phone.

So while I own one of the most secure phones available, the fact that a rather huge chunk of the active phones out there are trivially easy to crack means that I am still at risk.

I couldn't agree with you more. We all have to be aware of the risks. If one of us goes down, we could all go down!
 

ankit3302

Member
Jun 1, 2018
13
0
0
Visit site
Although security updates are important and are necessary for android OS, but it is not that if we don't update the OS then our device will be hacked. I f you are so concerned about the security updates, use iOS.
 

Almeuit

Moderator Team Leader
Moderator
Apr 17, 2012
32,278
23
0
Visit site
Even with 2FA on everything (plus generated passwords) I still prefer security updates to no security updates.
Lol... Keep selling fear...

There has never been a large, financially punishing hack of Android.

Just dumb people with easy passwords...
 

anon(10300249)

Well-known member
Aug 20, 2017
60
0
0
Visit site
Depends on how are you using it. If you go on new, weird/suspicious websites, watching porn, visiting torrent sites and etc... then you need good security, but if you're using it smart, only entering mostly trusted websites and don't doing anything stupid and I doubt those updates will give you any difference. For example I use my PC mostly checking FB sometimes and playing video games in Steam and I don't even remember when I last saw or even had problems with viruses.

Also I was using Lenovo A6000 plus without system (still on android kitkat) or any security websites. It was mostly used for messenger and calls and never encountered any virus there.
 

Marc999

Member
Jun 16, 2015
14
0
0
Visit site
I'm using Android 8.1.0 (with a Feb.2019 security patch) on a Moto G5+

Since Google Play store updates my apps. on a regular basis, don't you think that should be enough to be safe?
I also use Avast Anti-virus mobile which should help any malware attacks?

Google - Chrome/Calendar/Drive/Gmail/Maps etc. all get updated regularly, independent of the operating system we're using.
Within reason of course, I'm sure some older Android versions' apps aren't updated at all.

I don't click on weird links in a text message, nor do I surf porn etc. on my phone.

I use banking apps as well - that would be my main concern - if I can be convinced that it's unsafe to use those apps on my phone, without the latest security patch, then I would be tempted to buy a Pixel 3a to stay current.
 

bembol

Trusted Member
Jun 18, 2011
3,092
101
63
Visit site
I honestly don't know what it does, I'm just not concerned.

Fear is a powerful tool. It took me a year to convince my Mother to use online banking.
 

Morty2264

Ambassador
Mar 6, 2012
22,922
1,053
113
Visit site
I honestly don't know what it does, I'm just not concerned.

Fear is a powerful tool. It took me a year to convince my Mother to use online banking.

You are right. Fear is a very powerful tool and can influence people, often more pervasively and persuasively than positive reinforcement/information.
 

anon(10181084)

Well-known member
Mar 2, 2017
830
4
0
Visit site
Hi all, I’m contemplating getting an android tablet, however, I’m aware that security update wise for these is pretty much non existent. The one I viewed in a shop for sale had no security updates since 2015 and no updates pending (a Samsung WiFi tab s2).

I would imagine it’s a similar story with other tablets too.

So how vulnerable is a tablet without any recent security updates likely to be? The other option is I simply get an iPad which at least I know will get os and security updates despite my frustrations with them.
Well, you should be OK if you use a modern browser that blocks ads and malicious scripts (I HIGHLY recommend Brave Browser, both for up to date and non up to date devices). Also, avoid APKs from untrustworthy websites (shady piracy sites, etc...) and get a decent non-placebo anti-virus. I highly recommend Kaspersky, which in it's paid version will auto scan all downloaded files (including APKs) and even scan them alongside Play Protect when you install said APKs. If you use banking apps, you are safe if it uses its own security system (the USAA app I have is one good example of this).