There are so many attack vectors now on phones ranging from the SIM Card (which has an OS as well) to all the baseband chips to the actual OS and the different app privileges (like the old SMS listening port).

What's interesting to me about the Taiwanese tech industry is their nimbleness and how MediaTek pivoted from a primarily DVD chip maker to dumb phone chip provider running on Pluto OS to now a smartphone chipmaker. Surprised the folks at Intel never tried to acquire them.


I guess they didn’t look hard enough at the other 63%
My approach with phones is to install apps only from very mainstream well known publishers (for Android, I limit apps mainly to those from Google). Other than the stock Google apps for web browser, email, maps, and phone/contacts/calendar I don't find I need many apps.

All computing devices have vulnerabilites. If you feel you need to use them regardless, you can avoid a lot of exploits by not installing random apps from publishers you've never heard of.

Somehow firmware updates should be enforced by consumers.

It doesn’t help, that there are so many different smartphone vendors, and the most of them are pursuiting only for sales. New chips are coming constantly, and old ones get forgotten, left unpatched.

Is the future of the smartphone market of secure phones only in the hands of big ones (Apple et al)?

The time for open source chips is now.


I think it's fair to say that at least 75% of Android phones currently in consumer hands will never receive another security update.