Your phone probably contains banking, payment and personal information that can be remotely stolen via numerous known and unknown bugs in the Android software. This is attractive to criminals.
Vendors (LG, Samsung, Xiaomi, etc.), after selling you their phone, have no incentive to keep your phone's software up to date with Google's fixes. Your Android phone is probably out of date and therefore a gaping security hole through which attackers can steal your stuff from the safety of their own laptops.
In short, your phone could be hacked wide open from afar through a single innocent-looking email, MMS or web-page.
In the end the recommendations are: buy an Iphone, stick to Google phones or install a custom ROM.
Original URL: Android security in 2016 is a mess
-- submitted from IRC
(Score: 2) by HiThere on Wednesday December 07 2016, @07:17PM
IIUC, the phones are legally required to have a GPS, but not to make it available to the end-user. So making it available can be an extra cost option. (OTOH, my phone is old enough to pre-date that law...but it's JUST a phone.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.