Security updates in the android smartphone world are quite limited. Most smartphone companies have rarely been updating their devices once they hit the consumer market. What has happened in the past year or two, however, is quite encouraging — more smartphones companies have started giving security updates a priority.
But there’s still a problem that makes the iOS ecosystem better – support window period after a device is launched. Apple provides security updates for at least five years, while Google only commits to 3 years independent of how “premium” the smartphone is — a bummer.
Consequently, more Android users are more vulnerable to hacking attacks due to lack of these critical updates.
According to Which?, a consumer watchdog in the UK, two in five Android users worldwide are no longer receiving critical security updates from Google. In general, about 40 percent of the Android market doesn’t receive updates hence prone to “risk of data theft, ransom demands and a range of other malware attacks,” says the company.
The worst-case scenario could include a hacker taking complete control of the phone. Android users with phones launched around 2012 or earlier – including Samsung Galaxy S3 and Sony Xperia S, popular at the time, should specifically be concerned.
The good news is users of recently out-of-support devices are not affected, but that will change as time goes by. For one thing, using anything below Android 8 carries security risks, the company says.
The company calls out for more transparency about the period of support for smartphones before they make purchase decisions. For long, few android smartphone companies have been providing consistent monthly security updates as it is needed.
“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers,” said Kate Bevan, Which? Computing editor.
Which? advises users with old android devices to be careful about what they download and click on as part of the mitigation practices. Additionally, users should also get an antivirus program and consistently back up their data on cloud services or personal hard drives.