Let's run the numbers: 1) Quote "toxic hellstew of vulnerabilities" taken from April 2014 2) Report referenced isn't this year's, it's 2015's 3) Statistics referenced aren't this year's, they're 2014's here's the actual report: (PHAs), or applications that may harm a device, harm the device’s user, or do something unintended with user data. On average, less than 0.5% of devices had a PHA installed during 2015 and devices that only installed applications from Google Play averaged less than 0.15%. "Unpatchable" means "users can't have the problem automatically fixed by having an over-the-air update" it doesn't mean "unfixable" - With that in mind, I would recommend vulnerable users activate the NoScript extension on their mobile browsers. This add-on disables all JavaScript by default in a browser, giving users the option to activate JavaScript on websites they trust and to leave it deactivated on sites that they don't. Meanwhile... __________________ There's some real apples'n'oranges shit going on here. For one thing, Apple gets rid of those "unpatchable" phones that are out there by saying they 'are no longer supported.' As the manufacturer and the software provider, they can do that. If you're running Android, it's pretty well up to the manufacturer to keep you updated and since they're mostly tied into carriers, it's a shitshow. For another thing, the reporter bent over backwards to make that "29%" number relevant when there is zero current data to support it. Not saying there aren't some seriously bad aspects to Android - that quote from the report literally says that more than one apps in a thousand in Google's own Play store are malware. But there will be consequences from carrying a computer around in your pocket. Far better to be aware of them than in fear of them.The largest threat was installation of Potentially Harmful Applications
JavaScript appears to be an integral part of this exploit.