Your phone probably contains banking, payment and personal information that can be remotely stolen via numerous known and unknown bugs in the Android software. This is attractive to criminals.
Vendors (LG, Samsung, Xiaomi, etc.), after selling you their phone, have no incentive to keep your phone's software up to date with Google's fixes. Your Android phone is probably out of date and therefore a gaping security hole through which attackers can steal your stuff from the safety of their own laptops.
In short, your phone could be hacked wide open from afar through a single innocent-looking email, MMS or web page.
In the end, the recommendations are: buy an iPhone, stick to Google phones or install a custom ROM.
Original URL: Android security in 2016 is a mess
-- submitted from IRC
(Score: 4, Interesting) by TheRaven on Wednesday December 07 2016, @11:12AM
The second is complexity. If you're moving all of the complexity of device abstraction into the hypervisor, then that's going to be a pretty big codebase. A conservative estimate for a modern phone would be around half a million lines of code (a minimum of about three million if you wanted GPU abstraction as well). All of that code is written in C or C++ and all of it is your trusted computing base. What do you want to bet that it is completely free of exploitable bugs? I'd be willing to bet at least one major exploitable vulnerability every six months. So now you need to have a mechanism for installing updates to the hypervisor.
sudo mod me up