I run into this too often in the security world: phones that aren’t updated. What does it matter? Who needs to bother with smartphone updates? Let’s review some of the vulnerabilities in the two most popular phone OS’s: Google’s Android and Apple’s IOS.
The most recent 50 go back to September, 11 of which are scored over 7 (scale: 1-10). That’s only back to September. Some phones sit without updates for years. Companies like Microsoft are getting so frustrated with updates they’ve taken steps in Windows 10 to try and force updates without asking in a friendly way. Want to delay? You’ll have to work harder to stop it from updating.
What’s the big deal?
Here are some real world issues that come from not patching.
500 bad apps in the Play Store – http://www.zdnet.com/article/500-android-apps-found-to-secretly-contain-data-stealing-spyware/
Judy Malware – http://www.firstpost.com/tech/news-analysis/judy-malware-here-is-the-complete-list-of-infected-google-play-store-apps-3703625.html
Apple is invincible right? Best sandbox, no need for AV on the phone, etc. I’ve heard it before. Apple has 50 CVE’s reported since October of this year. Of them, 14 are over a 7 rating. Neither is IOS invincible from malicious apps.
Check out some of these – https://www.theiphonewiki.com/wiki/Malware_for_iOS
Run an Anti-MalApp
In jest since some don’t like calling the ‘antivirus’ apps just that, I dub them AntiMalApp. They look for bad apps in the hope you can get notified quickly to remove what shouldn’t be on your phone. Here are some reviews of AntiMalApps out there.
Make a backup
As with any update, things can and do go wrong for some. Check your phone’s latest backup to make sure it’s recent. Both Android and Iphone’s have backups capability. Don’t lose your photos and contacts because of your backup didn’t run since last summer. Here are a couple sites to help direct you there:
IOS – https://support.apple.com/en-us/HT204215
Android – https://www.howtogeek.com/140376/htg-explains-what-android-data-is-backed-up-automatically/
When to update?
I do tend to recommend to someone asking that they hold off a couple days to a week when an update is available. It lets the bleeding edge folks get the kinks worked out, and if something really bad is caused by the update you aren’t hit first. It’s not a total fail safe method, but it gives a little cushion at least.
Bottom line is updating your device keeps you in a lower risk pool. It isn’t normally hard and doesn’t take very long.