Want CNET to notify you of price drops and the latest stories?
No, thank you Accept
X
Apple's Mixed Reality HeadsetRemote Working in ParadiseBest Mineral SunscreensBest Solar CompaniesSmart Plugs on SaleMeal Subscription vs. TakeoutBest Satellite Internet ProvidersCurrent Mortgage Rates
CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

Most Android users running outdated security patches: report

A cybersecurity company found that 71 percent of Android users on major US carriers are easy targets for hackers.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read
android-logo-generic-hai.jpg

Most Android phones are don't have the latest security patch -- despite efforts by Google to distribute software fixes monthly via phone carriers -- researchers at Skycure found.
Advertiser Disclosure
Advertiser Disclosure
This advertising widget is powered by Navi and contains advertisements that Navi may be paid for in different ways. You will not be charged for engaging with this advertisement. While we strive to provide a wide range of offers, this advertising widget does not include information about every product or service that may be available to you. We make reasonable efforts to ensure that information in the featured advertisements is up to date, each advertiser featured in this widget is responsible for the accuracy and availability of its offer details. It is possible that your actual offer terms from an advertiser may be different than the offer terms in this advertising widget and the advertised offers may be subject to additional terms and conditions of the advertiser which will be presented to you prior to making a purchase. All information is presented without any warranty or guarantee to you.

Chances are, your Android phone would be easy pickings for hackers.

That's according to research released Thursday by cybersecurity company Skycure, which found that 71 percent of Android phones on the five major US carriers haven't been patched with the latest security updates.

The report highlights the risks posed by not updating smartphones, and the challenges Google faces in delivering security updates to Android users.

Why should Android users be worried about staying up to date on their security updates? In the hacking world, security updates show bad guys all the ways that phones, computers or other devices can be compromised. For example, an Android security update in December patched a flaw nick-named "Dirty Cow" that could have let hackers get root privileges -- essentially the keys to the kingdom -- on an Android phone.

So if you don't (or can't) update, hackers can build tools to break into your phone. Patching makes these hacking tools useless.

"Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful," Yair Amit, co-founder and chief technical officer at Skycure, said in a statement.

The carriers in the Skycure study are T-Mobile, MetroPCS, AT&T, Verizon and Sprint. T-Mobile (which merged with MetroPCS in 2013) declined to comment. AT&T didn't immediately provide a comment. Sprint, and Verizon and didn't respond to requests for comment.

Google declined to respond to the Skycure report, but a spokesman pointed to its report published Wednesday on Android security, which gave details on the company's efforts to distribute monthly Android security updates. These updates have to first go to carriers like those listed in the Skycure report before they can be sent to users' phones.

"We released monthly Android security updates throughout [2016] for devices running Android 4.4.4 and up -- that accounts for 86.3 percent of all active Android devices worldwide," members of the Android security team wrote in a blog post about the report on Wednesday. The report also said the company improved its ability to stop dangerous apps from getting onto the Google Play store and then to users' phones.

But Android acknowledged there was "a lot of room for improvement" in its security update process. "About half of devices in use at the end of 2016 had not received a platform security update in the previous year," members of the Android security team wrote in their blog post.

CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition, right here.

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it? CNET investigates.