What are the most commonly overlooked pieces of professional security advice amongst computer users?
If you answered install security patches, use unique passwords and enable two-factor authentication – give yourself a point.
Although we obviously recommend that you run anti-virus software, are careful about the personal information you share online, and use hard-to-crack passwords, there are other essential steps that security professionals recommend but that regular users often do not put into practice.
And in a world where we are increasingly using our smartphones to do business, make purchases and communicate with our friends and family, it’s important to recognise that sensible security doesn’t start and end on your desk – it begins in your pocket.
So I was in turn both delighted and mortified to see the latest figures for how well iPhone and Android users were doing at keeping their mobile devices updated with the latest operating system patches.
Let’s look at Apple’s official figures first, measured by their App Store.
As of February 20, 2017, an impressive 79% of iOS devices were using iOS 10 – the latest version of Apple’s mobile operating system. That’s a three-point increase over the adoption rate recorded at the start of the year, and less than six months since iOS 10 was first released to the public last September.
I think everyone would argue that that’s quite impressive.
So how does it compare to Google Android? Well, it’s only fair to compare Apple’s official figures with Google’s official figures.
The latest major version of Android, Nougat, was released at the end of August 2016 – slightly earlier than iOS 10. So you might have hoped that they would have similar adoption levels amongst users. Sadly that’s not the case.
Android Nougat 7.0 and 7.1 account for a mere 1.2% of distribution. That’s a long, long way behind iOS 10’s 79% adoption rate.
The most popular versions of Android are Lollipop 5.0/5.1 (with a combined 32.9%) and Marshmallow 6.0 (30.7%). For comparison, Lollipop came out in November 2014 and Marshmallow in October 2015.
Frankly, it’s pitiful. And if we are to believe security professionals’ recommendation that keeping your security patches up to date is one of the most important things you can do to protect your online devices, then frankly – heaven help you.
Apple and Google have taken very different approaches, of course.
Apple make their own hardware, and don’t allow anyone else to manufacture phones that run the iOS operating system. This gives them a high level of control, and makes the process of keeping iOS devices updated with the latest security patches much easier.
Google, in its desire to have the most widely-used operating system on the planet, allowed anyone to create an Android phone – with little consideration of how those phones would be updated when they were crying out for a security patch or an operating system upgrade.
There is a huge range of Android smartphones out there, and whereas Apple can issue a single iOS update to patch iPhones and iPads, things aren’t so simple for Google’s users. This fragmentation inevitably leaves Android devices open to security problems.
ZDNet journalist Adrian Kingsley-Hughes once declared that Android fragmentation was “turning devices into a toxic hellstew of vulnerabilities” and I cannot help but agree with him.
If you buy a phone that Google itself has manufactured then things are simpler, of course. But many consumers haven’t – and find themselves left behind with an out-of-date operating system on their phone or tablet.
And yes, you could choose to root your Android phone and install your own custom ROM on it… but is that really an achievable option for the average non-techie consumer?
Does the cheaper price of an Android phone make up for the difficulty in getting the latest updates? That’s a question only you can answer. But as the incidence of cybercrime rises, I certainly think it would be wise to consider just how long you’ll feel happy running a smartphone that is missing out on security updates.