We told you yesterday about a report from Google's Project Zero security team that revealed the popular Samsung S6 Edge smartphone has, or had, 11 major security flaws. We also explained that in general Android is less secure than Apple's iOS, because manufacturers can add their own apps and changes that might have security problems. Plus, Android gives users more freedom to install potentially malicious apps and change low-level settings.
Since Google released Android, it's been steadily working to fix some of the biggest contributors to poor security, from scanning for malicious apps in the Google Play app store to monthly security updates. In fact, it just released its November security update, and it's an important one.
The biggest fix is for a problem that could let hackers run malicious code on your gadget through email, browsing or text message. This is part of the Stagefright 2.0 flaw we told you about last month.
The patch also fixes security flaws in Android's Bluetooth and Telephony systems. While there haven't been any reports of hackers using any of these flaws, it's still good that they're fixed. Or are they?
While Google has updated the latest version of Android, and is already pushing out the patches to its Nexus line of gadgets, there are still millions of Android gadgets that aren't covered. It goes back to the fact that every manufacturer and carrier can tweak Android however they want.
If a manufacturer or carrier wants to push out an updated version of Android, it has to test it first to make sure the patch didn't break anything not in the original Android. It also needs to test the update on every gadget it makes just in case there are hardware glitches.
That takes time, energy and money. It's why security patches can take weeks or months to appear, if ever. Samsung and LG signed on to Google's monthly updates, so owners of their gadgets should have updates at some point, but many smaller manufacturers haven't.
Of course, there's also a question of which version of Android you're running. Most manufacturers and carriers don't upgrade older gadgets to the newest version of Android. It goes back to the time and money it takes to test a modified version of Android on older hardware. Why do that when you can just sell new hardware with the new software?
You could easily still have a gadget running Android 4.4 or earlier (the latest version is 6.0). And your older version of Android is probably not going to get any security updates.
Again, Google is working to change that with the latest version of Android and going forward, but if you're running an older gadget, you might be out of luck.
You can see how many security flaws your gadget has with an app called VTS for Android. It scans for 22 of the biggest flaws and tells you whether or not your gadget is affected. Just note that if you're running some security apps, it might trigger a false positive for a malicious app because of the way it scans.
If you do have security flaws, check with your manufacturer to see when updates are coming, or if they are. You should also make sure you've taken good security precautions to make your gadget as hacker-proof as possible.