Warning: this is kind of a rant.
Essentially, if you have an Android phone, you're vulnerable. Sure, you can have system updates fixing the issues and making your phone safer (for now)... or maybe not?
I realized a few months ago that, unless you have a phone from Google, you won't get the latest updates. They need to pass through the manufacturer of your phone first (Samsung, Asus, whatever), then your phone operator (if you bought your phone from one), and only then you can download the thing and install on your phone. This is bad.
Oh, and what happens if the manufacturer stops supporting your phone? Mine has lost support almost a year ago, so I won't even get Android 4.4! It sucks. They say "buy a new phone", but new phones are expensive, and why should I throw away a phone that serves me its purpose? Sure, it's slower than new phones, has less memory, less storage, but I don't really care (unless I'm using a browser, then I care). I want to have updates on my phone. And I'm not talking about new versions of Android - I'm talking about security updates.
I wonder if I can sue them for not releasing security updates to a phone they don't support anymore. They're essentially forcing me to buy a new phone or someone could attack me. And if they do, it's their fault, not mine.
Seriously, this is unacceptable! Come on! They have a huge amount of users with phones that need security updates ASAP! And trust me, from the security perspective, they're not only being evil, but
assholes idiots. Sometimes I hear them saying that "my phone doesn't support the updates". Security updates are not big changes on the system, but usually small patches. Small patches won't kill anything. Sure, it might crash one of their dumb apps, but then it's because they didn't code it properly. Apps that nobody has ever used, btw.
Anyway, you might be wondering why I still didn't change to something like CyanogenMod. Oh, trust me, I've memorized their install procedure and the list of known issues for my smartphone. I'm just looking for a time when I'm financially comfortable enough in case I break my phone, and also time to backup the EFS partition (in case it kills my IMEI) and the whole thing. But sure, I may switch to it anytime soon, but not just now.
So having a phone that's not from Google and that is a bit old is essentially bad for security. Oh well. At least Apple doesn't have that issue.