Chris Soghoian, principal technologist and senior policy analyst with the American Civil Liberties Union has this to say about Android devices,
“You don’t need [a zero-day exploit] to attack most Android devices if consumers are running 13-month old software,”
According to Soghoian, the reason why there are so many Android devices that are vulnerable to hacking is down to the hardware manufacturers and wireless carriers. This, he says, is down to the fact that device manufacturers and carriers do not push updates out to their customers in a timely manner. Such updates, which often carry security fixes along with them, are designed to reduce newly discovered vulnerabilities but end users are not seeing the benefits as they receive updates when the carrier wants rather than when they first become available.
The reason for this being so seems to be down to cost. Whenever Google release an update to Android the hardware engineers have to modify it, often many times over, to work with each device their company has produced. With the constant need to also design new handsets and tablets at the same time this can mean that updates either take a long time to produce or are forgotten about completely.
The blame for this is not on Google’s part of course but rather with the carriers.
By contrast, Apple updates always arrive in a timely manner with Soghoian saying,
“When Apple decides that it’s going to give a security update to consumers or a feature update, every consumer who plugs their phone into their computer gets the update whether or not their respective regional carrier likes it.”
Video: Chris Soghoian on Wireless Carriers And Android Security: