Fragmandroid: 95.4 percent of Google Android users are running an insecure operating system

“Is Android safe? Alphabet Inc.’s Google says it is continuing to make its globally dominant mobile operating system safer,” Nathan Olivarez-Giles reports for The Wall Street Journal. “But… the benefits are largely only for people who use a phone or tablet running a newer version of the OS and restrict their app downloads to Google’s own Play store.”

“The safest Android users are the small fraction — 4.6% — who run Android 6 Marshmallow,” Olivarez-Giles reports. “It is the only version of the OS to offer full-disk encryption and new granular app permissions, which give users more control over what data they share with each app.

Olivarez-Giles reports, “By comparison, Apple Inc. says 84% of iOS users are running its most recent and safest version, iOS 9.”

Read more in the full article here.

MacDailyNews Take: Reason #8,435,237 not to use derivative garbage.

If it’s not an iPhone, it’s not an iPhone.

Why so few Android phones are encrypted vs. Apple’s iPhone – March 30, 2016
Millions of Android phones open to ‘permanent device compromise’ attack – March 23, 2016
Android malware hits Aussie bank customers, iOS users unaffected – March 10, 2016
Android malware steals one-time passcodes, a crucial defense for online banking – January 14, 2016
New Android malware is so bad, you’d better off buying a new phone – November 6, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013


  1. This is one of the biggest reasons I can’t bring myself to dip my toe in the Android quagmire. The whole confusion about when, where, how to get upgrades and how timely they will be.

  2. I’m an iPhone user from Day 1 and love it and wouldn’t switch for anything, but I know a LOT of Android users who are very happy with their phones (ignorance is bliss) and who say they’ve never been hacked so “who cares?” if Android is not secure. For them, there is no practical reason to stop using Android. Just because a threat is potentially there doesn’t mean it will ever happen (they’ll say to me “Should I stop crossing streets on foot because a car “might” run a red light and kill me? Why should I care that my OS is not secure if no one ever hacks me?”).

  3. “Reason #8,435,237 not to use derivative garbage.”

    I know MDN is smart, and they know this, but iOS is derived from OSX, which is derived from BSD.

    Android is derived from Linux and Java.

    Let’s avoid them both then.

    1. That’s right, MDN is smart. And you’re not.

      Derivation of operating systems has no bearing on why you should avoid “Android” and embrace iOS if you value security and privacy.

      1. All they did was expose their bias and gave a poor justification which also applied to their object of affection. It is MDN that specifically said “not to use derivative garbage”, which reads as if all that is derivative is garbage.

        1. Nor do you understand logic: saying that using derivative garbage is a bad idea in no way logically implies that all things derivative are garbage. In fact, MDN’s statement would be better understood to imply that some derivative things are NOT garbage. Otherwise, they could have removed the according-to-you redundantly descriptive word “garbage” and just said “derivative products.”

  4. Still… The only know large scale attack on a mobile os is the XcodeGhost on iOS.

    I know it wasn’t used to do really bad things but this is just luck and has nothing to do with a security feature that blocked it.

    Disparity in Android’s ecosystem makes it difficult to target on a specific attack (Only few of them could affect the full ecosystem). The security model of Android is certainly not so bad as you describe it ( (A bit old but still interesting)) and finally… As stated in the article itself, as long as you don’t leave the official playstore, you’re quite safe. Leaving the playstore can only be done through a settings that requires that the user knows exactly what he does. You don’t get here by accident. It’s like jailbreaking and iPhone.

    It’s hard to expect people here to look at facts rationally… But a reminder never hurts 😉

    1. So one of the biggest reasons android users tell us that it’s superior is because they have so many options. A huge one being that they have more than just the play store. And you are saying, “Stick to the play store” sounds very similar to apple’s “walled garden” 😉

      1. I know you’re just trolling with your question but let’s go for a serious answer.

        Done with the appropriate care, using an alternative source for your apk is a plus. For the others or those who don’t know, sticking to the official store is perfect.

        If you mostly stay in the playstore and only use the option for alternate installation in exceptional cases where you know you’re safe it’s a real plus.

        One very simple example… In my company, our developer created some simple but at the same time very useful apps. It was a blessing to be able to “just install and use them”

  5. I was recently at lunch with 3 Android phone users. One wanted to change something in his phone settings, but couldn’t find where to do it. The other two joined in to help, saying, ‘we know where that setting is…” And then giving up in frustration when they realized he was running a version of Android they were unfamiliar with and had no idea where to find that setting.
    It sounds like an ideal user experience to me (irony)

    1. I see that ALL THE TIME. I have to support mobile devices at my work. You fix one person’s android issue and have others come in with the same problem and you realize you have to troubleshoot from the beginning because everything is all jacked and in different places.

      It’s kind of funny, android users usually come in with a “Please help fix my problem” issues and iOS users come in with “Hey, how can I do this?” questions.

  6. Many of these Android users will eventually communicate with each other and determine the reason why they had money stolen out of their checking accounts was because they are running outdated Android operating systems. Android is like walking around a major city wearing a suite made of loosely connected money.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.