Remember that mobile security companies only want to sell you something
A company who wants your money just might say anything to get it.
Did you hear that like every Android phone ever made is broken because the companies that made them are lying and not really sending you security patches when they say they are sending you one? Chances are you did, because the whole silly mess was engineered solely so you would hear about it. I'll go a step further and say the entire study only exists as a thing that will grab your attention so you can become concerned about your phone, then be directed to a link where you can download an app with intrusive permissions and send loads of juicy user data.
Fear is big business and there will always be companies who use scare tactics to get attention.
That's bad. Very bad. Not just because some company drops a gigantic accusation and offers little to no proof, but because it will make us skeptical when we shouldn't be. One day a security researcher may find something we really need to know about or be concerned about, but we'll brush it off because of the countless times we've been misled. Mobile security products are the 21st-century version of snake oil.
The fact of the matter is that mobile security companies only exist to make money like all other companies. Every word a spokesman says or types is said or typed to make money for the company, and they try to make us think they are helping or saving us while they do it. They really love it when they see news stories that repeat the words they have said or typed and the more times they see headlines with the company name and sensational numbers about "infected Android phones" or similar nonsense the more money there is to count. Android may be broken, but instead of trying to fix it these companies are circling like buzzards so they can get their bit of flesh.
I spent way too much time trying to investigate the recent claims about dishonest security patches only to see that the details eventually released don't tell us anything — other than how bad it all is based on proprietary software that scans phone firmware files. That's kind of interesting, but not really what we expected to hear after a full day of hype letting us know there was something important to say. This sort of carnival barker behavior is ridiculous and shows that the companies involved don't really care about your safety and privacy or they wouldn't make you wait one more day.
It works, though. The news business is full of fierce competition and that means your website can't be the only one that doesn't repeat the dubious claims that infer we all should trust a company we have never heard of more than the company that invented the cell phone. And what if one of these claims turns out to be more than sensationalism? No outlet wants to be the place that didn't warn you when they could have. Remember that the next time you want to blast a website or news channel for repeating something that might be important. They (we) aren't security researchers and aren't making these claims, only repeating them so you know about them.
News writers should display a disclaimer in these stories. I'm guilty of not doing it, too.
What we here at AC and every other news outlet could do is remind you that these sorts of things come from companies that sell a product designed to "fix" the problems they claim to have found. I'm guilty here, too. Whenever you read a news article telling you that millions of Android users are affected by something and the company making the claims has a mobile security product to sell you, there should be a disclaimer. "Company XXX is the publisher of this security application and we can't validate their claims" or something similarly generic that can just be dropped in place every time a post about the latest thing is written would work. I'll try to remember to do it from now on and remind others when I see it.
What we as users need to do is pay attention and decide which of these sorts of issues are worth further attention. We can't just ignore them because every once in a while they turn out to have a bit of truth buried under all the BS. And the law of averages says that eventually millions of smartphones will be hacked and a lot of money will be stolen. But remember that it is ridiculously hard to hack a smartphone, and the companies writing the software and making the hardware never stop trying to make it even harder.
Stay safe, y'all.