In March 2020, consumer watchdog Which? reported that 2 out of 5 Android devices no longer receive vital security updates from Google. In the same report, the watchdog noted that around 40% of active Android users are on version 6.0 or earlier of the required operating system (OS), making them extremely vulnerable to malware and other application security threats.
The news is the latest in a long line of known Android security risks that include cryptojacking, data breaches, and spyware. Over the years, Android devices and software providers have come under fire for increasingly long delays between critical OS updates. Experts argue that this delay makes it impossible for Android users to protect their devices from mobile cybersecurity threats, which are evolving at a rapid and continuous pace.
All of these issues were recently thrown into sharp relief with Google’s confirmation of an elevation-of-privilege vulnerability that enables cyber attackers to “get root”, or total control, of a device. Notably, Android users running OS version 7.0 were not susceptible to this particular mobile device security threat. To help explain this latest Android security threat, we’ve teamed up with the cybersecurity experts at ESET. Read on to learn more about ongoing Android update issues and what they teach us about mobile security more broadly.
How Android update issues affect the security
Android privilege escalation attacks akin to that recognized in March 2020 are nothing new. In fact, experts and academics within the information security space have written about cyberattacks of this nature since the early 2010s. In spite of this, privilege escalation attacks have remained a prominent part of the cybersecurity landscape ever since. Why? In large part due to the long delays between new Android updates.
In late 2019, The Verge explained that the reason behind notoriously slow updates to Android devices is the long approval process that third party developers must complete before pushing updates live. Because Android is an open-source group, manufacturers like Sony, Nokia, and Samsung can take this source code and essentially do as they please to develop their own OS. At the end of the development process, manufacturers need to get their updates approved by Google and various mobile carrier networks, to ensure they don’t disrupt the entire mobile ecosystem.
All of this can amount to a long, slow process in which Android users are required to use devices running on outdated software that can’t keep up with evolving security threats. From DDOS attacks to malware, Android devices are left exposed to a host of cyber attacks that can have potentially catastrophic results.
Lessons for mobile device users
While it’s impossible to say whether the process for developing Android OS updates and pushing them live will be shortened in the near future, there are a few simple measures users can take to protect themselves. Whether you’re an Android user or simply own a mobile device, you can never be too careful.
Stay on top of updates
As soon as an OS update becomes available, backup your device and download and install the latest update. Running an up-to-date OS on your device is one of the best ways to ensure that you’re protected from the latest cybersecurity threats. In some cases, planned obsolescence may mean that you’ll need to update your hardware, as certain OS cannot be installed on devices past a certain age. While it’s by no means necessary to update your phone or tablet every year, consider this: The older your mobile device, the higher the risk.
Exercise constant vigilance
It goes without saying, but always be mindful of what you click on and download onto your mobile device. Never download applications from unknown developers or untrusted sources, and delete any emails that contain suspicious-looking links or attachments, even if you recognize the sender. Practicing constant vigilance is your first line of defense against cyber threats like phishing scams and malware, particularly if your device is not compatible with the latest software.
Download mobile antivirus software
One of the best ways to curb Android security risks and prevent cyber attacks on your mobile device is to download mobile antivirus software from a reputable supplier. ESET’s Antivirus for Android software protects your device from phishing attacks, viruses, and Trojans, and uses real-time scanning to detect and prevent emerging threats. Suitable for use across a range of mobile devices, it’s the ideal choice for mobile users who are conscious of their cyber security.
Protect your mobile devices from cyber attacks
Even though business and personal technology use is increasingly moving toward mobile devices, smartphones and tablets remain a largely overlooked aspect of cybersecurity. Extend the same care and protection that you give to your desktop computer or laptop by keeping on top of mobile device security threats and acting accordingly.