Chances are, your Android phone would be easy pickings for hackers.
That’s according to research released Thursday by cybersecurity company Skycure, which found that 71 percent of Android phones on the five major US carriers haven’t been patched with the latest security updates.
The report highlights the risks posed by not updating smartphones, and the challenges Google faces in delivering security updates to Android users.
Why should Android users be worried about staying up to date on their security updates? In the hacking world, security updates show bad guys all the ways that phones, computers or other devices can be compromised. For example, an Android security update in December patched a flaw nicknamed “Dirty Cow” that could have let hackers get root privileges — essentially the keys to the kingdom — on an Android phone.
So if you don’t (or can’t) update, hackers can build tools to break into your phone. Patching makes these hacking tools useless.
“Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful,” Yair Amit, co-founder and chief technical officer at Skycure, said in a statement.
The carriers in the Skycure study are T-Mobile, MetroPCS, AT&T, Verizon and Sprint. T-Mobile (which merged with MetroPCS in 2013) declined to comment. AT&T didn’t immediately provide a comment. Sprint and Verizon didn’t respond to requests for comment.
Google declined to respond to the Skycure report, but a spokesman pointed to its report published Wednesday on Android security, which gave details on the company’s efforts to distribute monthly Android security updates. These updates have to first go to carriers like those listed in the Skycure report before they can be sent to users’ phones.
“We released monthly Android security updates throughout  for devices running Android 4.4.4 and up — that accounts for 86.3 percent of all active Android devices worldwide,” members of the Android security team wrote in a blog post about the report on Wednesday. The report also said the company improved its ability to stop dangerous apps from getting onto the Google Play store and then to users’ phones.
But Android acknowledged there was “a lot of room for improvement” in its security update process. “About half of devices in use at the end of 2016 had not received a platform security update in the previous year,” members of the Android security team wrote in their blog post.