How safe is my Android? Which Android version is best protected? Are legacy versions targeted by hackers? If you care about your personal data security, you've surely asked yourself one of those questions. In this brief roundup, we’ll cover all major Android versions for smartphones and provide best security practices and useful links for each one.
The general rule of thumb is: the older software you have, the more known vulnerabilities it has. This as well applies to operating systems including Android.
So, it’s generally recommended to have the latest device with all latest operating system updates. While this is a good recommendation, it’s not always possible to follow. So, let’s see what the perils and recommendations are if you are using legacy versions (i.e. 2.x to 4.x).
Android 2.x (codenames Eclair, Froyo, Gingerbread)
Versions 2.x have numerous severe vulnerabilities that may cause personal data leaking, including exploits that give the hacker root access (!) to your device. To have a general idea about the risks, you can check some reported issues here: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/version_id-111360/Google-Android-2.3.4.html
If you or your dear person use such a device, like it and wouldn’t want to change it, we advise:
Android 4.x (codenames Ice Cream Sandwich, Jelly Bean, KitKat)
While with Android 4.x there are less reported vulnerabilities as compared to 2.x, do not underestimate their severity, regardless of your device vendor. Android 4.4.4 goes as an example here: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/version_id-177951/Google-Android-4.4.4.html
The vulnerabilities have been discovered only recently and they have maximum threat level.
So, while Android 4.x devices are still being sold (and there are a plenty of really awesome makes and brands), we can’t recommend 4.x if you want decent protection.
Before we talk about Android 5.x and 6.x, we’ll cite some good news from Google. Starting August 2015, Google releases security patches for Android every month, similar to Patch Tuesdays by Microsoft. While legacy versions do not get any updates from Google, if you have Android 5.1+, you may be getting the updates.
By the way, some vendors or carriers still may release patches even for pre 5 versions, especially given the lag between releases by Google and the vendors.
Android 5.x (codename Lollipop
Is my 5.x device upgradeable to 6.0?
While Android 5.x is a fairly recent major release, it’s not the latest one. Luckily, some vendors have announced upgrades to 6.0 for some of the existing 5.x lineups. A big list of major vendors and device models is found here: http://www.digitaltrends.com/mobile/android-6-marshmallow-updated-phones/
Vulnerabilities
A few serious vulnerabilities have been discovered in 5.x already, which, however, can be counteracted if you use discretion. The vulnerabilities list goes here: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/version_id-179829/Google-Android-5.0.html
Some more good news – Android 5.1 (build LMY48Z) is getting security updates. Samsung even enabled security patch level display for its Android 5.x devices.
Security patch level tells you the date of the last security update (which should not be more than 1 month before current date).
This way, we can recommend Android 5.x for use with the following recommendations:
Android 6.0 (codename Marshmallow)
While many vulnerabilities are reported for 6.x, they are promptly fixed: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/version_id-187788/Google-Android-6.0.html
If you use Android 6.0:
Having an older version of Android doesn’t mean attackers won’t bother to hack and exploit your device or steal your data. Older versions are an easier target as they have numerous known vulnerabilities.
Use Android 2.x and 4.x devices with extreme caution and avoid online exposure. While Android 5.x is considered fairly safe, be cautious about what apps you install. If you own an Android 5.1 or 6.0 device, be sure to check your patch level date regularly.
While 97% of infected devices are on Android, only 0.1% of apps in Google’ Play Store may have some sort of malware. So, almost all infected Android devices got infected from pirated apps or apps from untrusted vendors (shady third-party stores in Asia, etc.).
This way, you can stay fairly secure even with legacy devices, if you use discretion. So, in the next article we’ll explain how to protect your data using third-party utilities and apps.