Why a billion Android phones will never be safe

Android Phone
If you think you’re safe from hackers or malware on an Android phone, you’re fooling yourself.

Last year, an estimated 50 million Android phones were left (and may still be) vulnerable to the Heartbleed bug, and right now a ‘Stagefright’ MMS hack has exposed nearly every single Android phone owner on planet Earth — more than 950 million devices — vulnerable to a complete takeover of their phone through a text message that they don’t even have to open. The vulnerabilities are scary, but what’s worse is that most of these phones will never get patched.

Nearly 1 billion Android devices are vulnerable to a complete takeover of their phone through a text message.

In the wake of nearly a billion phones being vulnerable to hacking, major phone makers that rely on the operating system — Samsung, Google, Sony, LG, and more — announced plans to start issuing monthly bug fixes for their phones. The news is certainly timely, but it’s not going to fix a thing. Android is the most vulnerable OS to bugs, hacks, glitches, and issues of any kind, and no update program from Samsung and LG is going to change that, regardless of what you may read.

There is a Tolkien-sized elephant of a problem with Android’s security, and it stems from the way Android is distributed and updated in the first place.  It’s impossible for Android phones to get critical updates, and that problem is not shared by iPhone or Windows.

Why your Android phone isn’t getting bug fixes

Do you own a Samsung Galaxy S5? If so, you’re one of a billion Android users around the world, and your phone is one of 24,000 different Android models that come from more than 1,300 different brands just like Samsung, according to an OpenSignal report.

Unless you’re using an iPhone, almost every smartphone you can buy runs two operating systems: Google’s Android OS and a modified user interface (UX) from one of those 1,300 brands that made the phone, the original equipment manufacturer or OEM. (Samsung is the biggest of these with a 38 percent share of all Android sales.)


Jessica Lee Star/Digital Trends

The changes OEM’s make to Android range from slight tweaks in the color of menus to massive overhauls. LG and Samsung, for example, have platoons of designers and coders who spend their lives remodeling every nook and cranny of Google’s Android.

Don’t miss: Stagefright shocks Samsung, LG, and Google into taking phone security seriously

Since companies like Samsung are unwilling to rely on the software that Google lays out, most phones come with two sets of apps, too: Google’s entire app suite, and the extra calendar, messaging, browser, and other apps from the OEM. This makes owning an Android phone unnecessarily complicated, and usually annoying for a new phone owner, who is bombarded with 60 to 90 apps when they unbox their new communication toy. Right now, it’s rare that almost any two Android phones run the exact same modified version of Android.

But it gets worse.

How an Android phone gets a software update:

  1. Google releases an update: Google releases a new version of Android every six months, and a few smaller patches in between. Google Nexus owners receive this update directly from Google. Some Nexus phones have already been patched from the Stagefright bug.
  2. OEMs release their update 3 to 6 months later: Once Google releases this major Android OS update, the 1,300 other Android phone makers begin updating their upcoming and best-selling phones to the new OS. Phones that don’t sell well may never get an update.
  3. Carriers approve that update 3 to 6 months later: Wireless carriers around the world that carry the phone demand to review the update. This stage is especially frustrating for tech-savvy users who know a patch is available, but aren’t able to get it because their wireless carrier — maybe Verizon or AT&T — hasn’t approved it yet.
  4. After 1 year, you enjoy an out-of-date update: iPhones and Nexus phones get updates within hours and days, but most Android phones never get updates, or the process takes a year because of all the middle men involved. A good chunk of Android owners never receive more than one significant update to their phone during its 2-year lifespan. This means they have an outdated look to their phone, lack new Android features, and never recieve critical security and bug fixes.

Because of this nightmare, almost 82 percent of Android phones run an OS from 2013 or before. For iPhone owners, the opposite is true: 85 percent of iPhones run iOS 8 (2014). It’s a problem that has needed to change for half a decade, but just isn’t. These beautiful graphs at OpenSignal show Android fragmentation at its worst.

Why monthly security updates won’t solve a damn thing

Assuming Samsung and others somehow manage to start reliably issuing bug fixes and security updates every month, these updates will still have to trudge through hundreds of wireless carriers (and thousands of virtual carriers), which will extend them by at least another month, if not indefinitely. It’s one thing to promise updates, but it’s another to deliver them and get people to actually download them.

Don’t miss: What is the ‘Stagefright’ hack? How to defend yourself

Only select phone models will get updates, only select carriers will issue those select updates at all, and most of those updates will come late — very late. When it comes to security, late could mean you losing the data on your phone, or having to fork over an extra $300 to $800 you don’t have to purchase a new, ‘safe’ device.

The only way Android gets better…

I applaud any attempt to increase the frequency of security and OS updates to Android phones, and I’ve been an Android user since I got the first Motorola Droid, but these security initiatives will not make most of us safer.

The only way Android will truly become a safe, up-to-date operating system for every smartphone owner is if all 800+ wireless carriers, Google, and all 1,300 OEMs hold hands and work together for the good of their customers (us). Arch rivals like LG and Samsung would need to work together and inform each other of bugs, work with Google to fix them, and all work to create an Android that is far more unified than it is today. On top of that, they’d need to be joined by the Verizon’s and AT&T’s of the world, who would need to put users ahead of profits and control. So far, we can only think of one uncarrier with that attitude.

In the Android world, it’s kill or be killed. OEMs and wireless carriers step on each other and Google’s OS to reach the pot of gold first.

There are absolutely no signs of any lovey dovey cooperation. In the Android world, it’s kill or be killed. OEMs and wireless carriers step on each other and Google’s OS to reach the pot of gold first. That’s why Apple holds 92 percent of all smartphone profits, and iPhone users are the only only ones receiving updates on time.

Unless Samsung, LG, Sony, HTC, and others start working together — and with Google — to locate and eliminate security risks or bugs across all handsets, and they strong arm wireless carriers, everyone on an Android phone may feel the pain.

Android phones are fantastic for a lot of reasons, and I’m not telling you to abandon your HTC One for an iPhone. But when you put down that $300 to $800 for a new Android phone, you should know that unless you buy a Nexus, your chance of exposure to a critical bug are high.

Android continues to suck at updates, and that puts us all at risk.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

Awesome Tech You Can’t Buy Yet: Booze-filled ski poles and crypto piggy banks

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

Save up to $800 with the best smartphone deals for December 2018

Need a better phone but don't want to spend a fortune? It's never a bad time to score a new smartphone and save some cash. We rounded up the best smartphone deals available that can save you as much as $800.

How to switch from iPhone to Android: The ultimate guide

If you've decided to bridge the great tech divide and leave Apple's walled garden for the unknown shores of Android, then you'll find all the tips and advice you need to begin switching from an iPhone to an Android device.

The best iPhone deals for December 2018

Apple devices can get expensive, but if you just can't live without iOS, don't despair: We've curated an up-to-date list of all of the absolute best iPhone deals available for December 2018.

iOS jailbreak app store Cydia shuts down purchasing

For years, iOS users have been jailbreaking their devices to install software not approved by Apple. But now the popular app store alternative Cydia will no longer be accepting purchases.

Lawsuit alleges Apple falsely advertised the screen size of the iPhone X

A lawsuit alleges that Apple was dishonest in the way that it marketed the iPhone X. The lawsuit alleges that despite Apple's marketing campaign, the new iPhone is not in fact all screen because of the notch.

Apple is still selling iPhones in China despite being ordered not to

Apple is following the FTC's lead and has sued Qualcomm for a massive $1 billion in the U.S., $145 million in China, and also in the U.K., claiming the company charged onerous royalties for its patented tech.

Is somebody watching you? How to stop apps from tracking your location

If you don't like the idea of your every movement being tracked by apps on the phone in your pocket, then you may want to turn location tracking off. We take a look at how to do it on an iPhone or Android phone in this easy guide.

Report: Samsung's upcoming foldable phone will cost a hefty $1,800

Samsung has been showcasing bendable display tech for a few years and now a folding smartphone might finally arrive. The Galaxy X, or perhaps the Galaxy F, may be the company's first example. Here's everything we know about it.
Smart Home

Starbucks teams with Uber Eats for delivery from 2,000 of its U.S. stores

Starbucks has teamed up with Uber Eats to offer customers deliveries from almost a quarter of its stores in the U.S. The major expansion launches early next year, making life even easier for fans of the coffee giant.

Huawei Nova 4 has a hole in the screen, and a 48-megapixel camera on the back

Huawei has launched the Nova 4, a new smartphone that has abandoned the screen notch and adopted a punch hole alternative, and also has a massive 48-megapixel camera. Here's what you need to know about the Nova 4.

Black hole in the screen of Samsung's new Galaxy A8s has a camera inside

Samsung is building exciting, technologically innovative midrange phones, and the latest to be revealed is the new Samsung Galaxy A8s, which may give us an idea of what the new Samsung Galaxy S10 will look like.

Score a Christmas deal with Speck’s half-off sale on its entire range of cases

The holidays might be nearing, but bargains don't take time off. To celebrate the last day for U.S. ground shipping, Speck will be offering a sitewide 50-percent-off deal for one day only on Monday December 17.

Doubts emerge over when LG will reveal its folding smartphone

LG may be working on a folding smartphone, making it the latest device manufacturer to be linked to the technology, which may become one of the standout designs of the coming year.