Are older Androids not getting software updates leaving them open to cyber attacks?
Yes and yes.
Joshua Motta, CEO at Coalition, Inc.
Dan Ackerman, Section Editor at CNET
AV Test, Cyber Security Lab
Android Security 2017 Year in Review
It's the same story told a million and one ways. We shell out the money for some shiny electronic do-dads and a few years later they go kerplunk.
Last summer, Apple announced it would not make the latest iOS (11 at the time) compatible with the iPhone5. Consumers complained in droves that Apple was behind 'Planned Obsolescence,' purposely slowing down our phones to the functionality of rocks.
Viewer William Ward from Germantown, Maryland was curious whether the same thing happened to his 4-year-ild Galaxy S5.
He asked Verify whether older Androids aren't getting the latest software patches and whether that posed a security threat for the 2 billion phones out there.
To get answers we went to a cyber risk management provider, a cyber security testing lab in Germany, and a gadget guru expert. They all confirmed some older, cheaper androids don't get every software update.
It comes down to which Android you have.
"Each phone is different depending on what phone you have, who made the phone and who your carrier is," Dan Ackerman a Section Editor at CNET said. "Your schedule for getting any Android operating system updates could be all over the place and after a certain amount of time a lot of the older phones are not supported anymore so you won't get new updates."
To understand why, it's important to understand the Android ecosystem. Apple has more control to streamline software updates, that's because Apple's iOS is used exclusively on iPhones.
Since 2007, with Steve Job's pioneer iPhone, there's been only 18 models.
On the other hand, Google developers write Android's code and let hundreds of phone manufacturers--like Samsung and Motorola--use it.
Every time there's a vulnerability in Android, Google notifies your carrier and manufacturers and it's up to them to tweak the code for tens of thousands of phones.
Phone manufacturers aren't incentivized to improve all their phones, only the popular, new and expensive ones.
Google is the exception.
"The Google Pixel phone is very similar to the Apple situation, where Google controls the operating system and the hardware device," Joshua Motta, the CEO of Coalition, a cyber insurance firm.
"Whereas, for example, if you take Samsung, Google can release an update to the Android software, however it's ultimately the responsibility of Samsung to incorporate those security updates into their own releases," Motta said.
In it's 2017 Android report, Google predicted that 30 percent more Androids received security patches. They failed to say what that was up from.
Ackerman says one in four Android users currently are running the latest software. Others are less optimistic.
So how dangerous is it to run old software?
Ackerman says its troublesome but you should be more concerned by phishing emails, which are cheaper and easier to create, than bits of malware.
Still--Androids are indisputably a bigger target for malware attacks than iPhones. They've got a larger market share.
"The numbers sound out loud and clear: Anyone seeking to make money by attacking mobile devices will choose Android devices as their target," AV Test, an independent cyber security lab in Germany wrote in their 2016-2017 Security report.
"The share in overall in overall malware development for iOS, Windows Mobile and others has dropped to below meaningful percentage points, whereas the number of new threats for Android has doubled compared to the previous year," AV test wrote.
In June of 2016 the tech found 643,476 new malware programs for Android, which they claim, is the 'highest number since the Google operating system was published.'