this post was submitted on 25 Jul 2023
51 points (98.1% liked)

Ask Android

2047 readers
2 users here now

A place to ask your questions and seek help related to your Android device and the Android ecosystem.

Whether you're looking for app recommendations, phone buying advice, or want to explore rooting and tutorials, this is the place for you!

Rules
  1. Be descriptive: Help us help you by providing as many details as you can.
  2. Be patient: You're getting free help from Internet strangers, so you may have to wait for an answer.
  3. Be helpful: If someone asks you for more information, tell us what you can. If someone asks you for a screenshot, please provide one!
  4. Be nice: Treat others with respect, even if you don't agree with their advice. Accordingly, you should expect others to be nice to you as well. Report intentionally rude answers.
  5. No piracy: Sharing or discussing pirated content is strictly prohibited. Do not ask others for a paid app or about how to acquire one.
  6. No affiliate/marketing links: Posting affiliate links is not allowed.
  7. No URL shorteners: These can hide the true location of the page and lead people to malicious places.
  8. No lockscreen bypasses: Please do not comment, link, or assist with bypassing lock screens or factory reset protection.
  9. No cross-posting: Please take the time to make a proper post instead of cross-posting.
Other Communities

founded 1 year ago
MODERATORS
[email protected]
[email protected]
51
How insecure are Android phones once they stop getting security updates? (lemmy.one)
submitted 1 year ago by [email protected] to c/[email protected]
33 comments fedilink hide all child comments
 

Is it still safe to use as long as apps continue to be updated and is supported by the play store?

How long would you say someone could safely use an Android phone that no longer gets security updates for?

you are viewing a single comment's thread
view the rest of the comments
[–] danielfgom 2 points 1 year ago (4 children)

Very, very safe. Android security levels are very high. Much higher than iPhone for example, because Google have a dedicated Security team testing it all the time. They even host Hackathons where people are invited to find holes and vulnerabilities.

In any case Google can send important security updates via the Play Store as well. But most vulnerabilities found are never actually used in reality. They normally require physical access to the device, some kind of computer, complicated techniques. In other words nothing the regular person ever has to worry about.

If you hear of anyone having a malware issue it's because they went to a dodgy site and downloaded an APK and installed it manually.

If you use your brain and only install apps from trusted sources, you'll be fine.

(Trusted sources: Google Play Store, F-Droid, uptodown.com)

[–] [email protected] 4 points 1 year ago (1 children)

To expand on this, most vulnerabilities that require the vendor to actually participate by providing security updates are specific to your hardware configuration. These kinds of vulnerabilities are less attractive to most attackers because of their specificity. Attackers would much prefer to have a vulnerability that applies to many different victims, not just a specific kind. Android has gone to great lengths to update these commonly targeted components regardless of your vendor support status. Unless you believe you would be specifically targeted, the risk is fairly low.

I'm not sure it's fair to put iPhone down. They do take security very seriously, especially physical security with their formally verified bootloader. Not seeking a flame war. I just didn't think it was accurate. Are we so sure they don't have individuals focused on iPhone security at Apple? Compromised devices impact their brand image while the same bugs can be used for jailbreaking. I'm sure it's very important. I interviewed with a team up there that I believe specialized in just that. Just recently Apple implemented an emergency security patching system for their devices to get security updates out even faster.

Full disclaimer: I use both devices for software development. I have no special preference.

[–] danielfgom 2 points 1 year ago

They certainly do take iPhone security seriously but Google has really done alot more in this area. I've seen metrics where Android has significantly less vulnerabilities than iOS. Plus I've read multiple articles where Mobile Security vendors have said they get far more exploits submitted for iOS than for Android.

Hence the pay much more for Android exploits they work then for iOS exploits because they are more common.

Note that these are companies which specialise in hacking phones for government agency use, so it's not something that will affect everyone. But in general iOS has more holes.

A while back Google's Security team found an iOS hole, told Apple, who never fixed it, until Google eventually made it public and only then did Apple agree to fix it. So they don't seem to be in a hurry over at Apple to fix holes.

load more comments (2 replies)