HACKER Q&A
📣 osdril

Real risk of using an unpatched phone


Reading some discussions on HN, it looks like many people claim that using a phone which no longer receives security updates is a terrible idea because the probability of you getting hacked dramatically increases.

On the other hand, millions of people in the world run unpatched Android phones everyday and yet I cannot find any significant report of them being hacked because of this. It looks like most vulnerabilities are only really exploited in targeted attacks to specific personalities (activists, journalists, etc.) and the ongoing discussion about the topic is mostly speculation.

So, really, how unreasonable am I being in using an unpatched phone? (All the apps and the Play Services are still being regularly updated)

I don't like being forced to replace a still functioning device, but if there's any real high-probability risk I guess it's just the most sensible option.

  👤 ActorNightly Accepted Answer ✓
There aren't really any big exploits anymore that one can target en masse. Most of the exploits that do pop up require not only extremely specific targeting, but also pretty hardcore engineering to actually to stuff with the exploit. To get from something like a double free to a shell isn't exactly straightforward (and in some cases, not even possible).

Ironically enough, even though they are still VERY rare, I believe that fully remote exploits for Apple pop up at a higher frequency, because of how intricately their apps tie into the OS of the phone for performance reasons. Over the years, I seem to remember reading more about them on Project Zero than

👤 jjgreen
You cannot hope to bribe or twist, thank God! the British journalist. But, seeing what the man will do unbribed, there's no occasion to.

Humbert Wolfe

👤 warner25
I started this "Ask HN" on the topic a year ago: https://news.ycombinator.com/item?id=33197291

People made some interesting points. I still have my head in the sand, and I plan to reevaluate again next fall. Note that I'm an unusually light user of my phone, I'm a nobody, and I don't travel internationally. I'd make different decisions if my phone were the center of my digital life or I felt like I might be targeted.