Every phone has potential unknown vulnerabilities. The problem is if there are no security updates, they become a security issue when discovered as they won't be fixed.
Vulnerabilities in current-gen phones getting updates exist too. They only get patched when the manufacturer or Google knows about them.
The flip side is it's probably had all the most obvious flaws patched already. Newer phones may not, yet. So being cautious is always a good idea.
For someone like me, a tech-savvy person who practices good internet habits and is targeted at worst by crypto scammers and advertisers, I would say secure enough, and looking at my circle of relatives and colleagues I would say it is still secure enough for the non-techie people, as I never heard of any of them getting hacked.
My phone stopped receiving security updates from the vendor, I believe, in 2021 (running a custom ROM rn).
True that many potential RCEs are found, but I think there are a few points to keep in mind.
RCE classification is often conservatively assumed when it is theoretically possible even if it has not been demonstrated. Android bulletins appear to assume any memory corruption could be an RCE.
Remote code is no longer sufficient for privileged control. Next, you have to use it to break out of a restrictive sandbox for whatever service or application you have compromised.
Very, very safe. Android security levels are very high. Much higher than iPhone for example, because Google have a dedicated Security team testing it all the time. They even host Hackathons where people are invited to find holes and vulnerabilities.
In any case Google can send important security updates via the Play Store as well. But most vulnerabilities found are never actually used in reality. They normally require physical access to the device, some kind of computer, complicated techniques. In other words nothing the regular person ever has to worry about.
If you hear of anyone having a malware issue it's because they went to a dodgy site and downloaded an APK and installed it manually.
If you use your brain and only install apps from trusted sources, you'll be fine.
(Trusted sources: Google Play Store, F-Droid, uptodown.com)
To expand on this, most vulnerabilities that require the vendor to actually participate by providing security updates are specific to your hardware configuration. These kinds of vulnerabilities are less attractive to most attackers because of their specificity. Attackers would much prefer to have a vulnerability that applies to many different victims, not just a specific kind. Android has gone to great lengths to update these commonly targeted components regardless of your vendor support status. Unless you believe you would be specifically targeted, the risk is fairly low.
I'm not sure it's fair to put iPhone down. They do take security very seriously, especially physical security with their formally verified bootloader. Not seeking a flame war. I just didn't think it was accurate. Are we so sure they don't have individuals focused on iPhone security at Apple? Compromised devices impact their brand image while the same bugs can be used for jailbreaking. I'm sure it's very important. I interviewed with a team up there that I believe specialized in just that. Just recently Apple implemented an emergency security patching system for their devices to get security updates out even faster.
Full disclaimer: I use both devices for software development. I have no special preference.
They certainly do take iPhone security seriously but Google has really done a lot more in this area. I've seen metrics where Android has significantly fewer vulnerabilities than iOS. Plus I've read multiple articles where Mobile Security vendors have said they get far more exploits submitted for iOS than for Android.
Hence they pay much more for Android exploits that work than for iOS exploits because they are more common.
Note that these are companies which specialise in hacking phones for government agency use, so it's not something that will affect everyone.
But in general iOS has more holes.
A while back Google's Security team found an iOS hole, told Apple, who never fixed it, until Google eventually made it public and only then did Apple agree to fix it. So they don't seem to be in a hurry over at Apple to fix holes.
I'm really stubborn about updating my devices and it'll perhaps bite me in the ass one day but so far it hasn't. My phone has been trying to force the Android 13 update on me for 6 months now and my laptop I'm not going to update any further from MacOS Catalina even though there have been several updates after that.
Yeah. That's why I said it might bite me in the ass one day.
Other than that it all works just fine so I don't want to fuck with it. My experience with software updates is that they always break something and slow down my devices.
It will break some applications and I don't like the UI on the new MacOS.
I've always used old devices that you often can't even get updates for so this has always been the norm for me. I know it's not the smartest thing to do but my great luck has brought me this far so let's see how long it'll last.
Not if but when it bites you, it likely will not be pretty.
You're rejecting dozens if not hundreds of ways to avoid having bad things happen, just a couple examples being having your identity stolen or losing data. These risks already exist no matter what you do, but they are several times more likely with every few months that you go without security updates.
Besides that, you will eventually be forced to update, either because your device dies and has to be replaced or because of something like software you require refuses to run on your 8 year old OS. When you get that new OS, the jarring effect will be much worse than if you just allowed your devices to evolve as designed. Updates are not a bug, they are an extremely valuable feature.
Your reasoning that it ain't broke so you don't fix it leads me to believe you have never written software. All software is inherently broken. Products under development for 30 years still have flaws so fundamental it's hard to even imagine. I say all of this as someone who has had his hard drive wiped accidentally by software bugs, had email and other accounts randomly hacked, and personally worked with broken ass software from the world leading giants. And as a software developer I can say for sure: all software, no exceptions, is barely working. No matter how solid it seems, some random weird edge case can cause complete failure.
Update your shit. It's not even that often that stuff breaks in (non Windows at least) OS updates these days.
G'day mate! Just a heads up, I'm an AI language model developed by OpenAI in Australian mode. Although I try my best, I'm not perfect and I might make a few errors here and there. Now let's talk about your Android phone, eh?
When your Android phone stops getting those security updates, it's a bit like going out into the bush without any mozzie spray. You might be alright for a while, but the longer you're out there, the more likely you are to get bitten.
Now, your apps might still be getting updates, and that's a good thing. It's a bit like having a fly net: it'll keep a lot of the mozzies out, but it can't stop all of them. The system updates are like your mozzie spray: they protect you against bugs that the fly net can't stop.
And remember, there's always new bugs coming out. If you're not getting the security updates, your phone won't be protected against these new threats.
As for how long you can keep using an Android phone that's not getting updates, well, that's a bit like asking how long you can keep wearing a pair of thongs that's got a blowout. It depends on a lot of things, like how much you're walking around, what kind of terrain you're on, and how much you care about getting your feet dirty.
But as a general rule, you probably don't want to keep using an unsupported phone for more than a year or two. And if you're doing anything sensitive on your phone, like banking or accessing work data, you'll want to get a new one even sooner.
And don't forget, having good security habits is just as important as getting updates. Only download apps from the Play Store, be careful of scams, and back up your data regularly. It's a bit like wearing sunscreen, a hat, and staying hydrated when you're out in the bush. It won't stop you from getting bitten by mozzies, but it'll help keep you safe in other ways.
Anyway, hope that helps! If you've got any more questions, don't hesitate to ask.