Just look at the monthly security bulletins if you want to see what the current known vulnerabilities are/were. It is not about "just having the newest thing". It's also unfair to say that it's a non-issue if you don't know someone who has been personally affected by not having an up-to-date security patch on their phone. The chances of it happening to you are definitely very low, even more-so with proper precautions, but there's no reason that your phones shouldn't be at the current security patch level ASAP just in case.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Samsung Galaxy S9
- Thread starter jamezr
- Start date
- Sort by reaction score
For the most part, I think security updates and updates in general are overrated. When it comes to security, nothing beats an informed user. You can have all the security patches you like, but nothing will protect a careless and ignorant user. I could keep my phone completely as is, from launch, and I would never have a security worry. The media blows these things way out of proportion. And as some here have already mentioned, unless new features are being added, most people aren't even affected in how they use their phone with or without the newest OS version.
You do realize that for instance BlueBorne had an attack vector that required no user interaction at all? Sure, being informed and cautious helps with many issues, but there are flaws where the phone just needs to exist with its vulnerable software. Being both informed AND patched is good, but with just one of those there are attack vectors open.
While BlueBorne is scary, it's easily nullified since 99.99% of users have some sort of unlock security (biometric, pin, pattern, etc.) that the hacker would have to solve before gaining access to whatever is on your phone.
But if the attack takes place e.g. in a train/bus/whatever where you're already using your phone and have unlocked it, then biometrics won't help. Attacks also get smarter all the time, so I wouldn't be surprised if someone's already figured out how to perform the controlling part of a BlueBorne attack in the background so that the user can keep doing whatever they're doing without anything too obvious alerting that something shady's going on in the background.
In addition, BlueBorne was just one example of an exploit where the bad guy can perfectly well get into your device if you're not patched, i.e. just being informed and being cautious isn't such a silver bullet as was suggested above. It does help, but for proper security also timely patches are needed.
I am thinking about making a move back to the S8+. Comfortable with the iPhone 8+, but it is missing the pizzazz that comes with Android and the Galaxy Experience software. I don't like Galaxy software or its quirks, but the features and hardware are amazing. Could save hundreds of dollars going to the S8+ and getting rid of my iPhone 8+ and Apple Watch. Especially when the S9 comes out and Samsung has an EPP sale or special clearance sale?
Gotta decide if I want comfort with iMessage (especially replies from the lock-screen), the Wi-Fi setup automatically taking you to log into secure log-in, incredible battery standby time, and an Apple Watch? The alternative is Samsung Pay, Samsung Pass, Samsung Browser, an OLED display, native quick charge, etc.
Decisions decisions.
Gotta decide if I want comfort with iMessage (especially replies from the lock-screen), the Wi-Fi setup automatically taking you to log into secure log-in, incredible battery standby time, and an Apple Watch? The alternative is Samsung Pay, Samsung Pass, Samsung Browser, an OLED display, native quick charge, etc.
Decisions decisions.
Last edited:
I know the feeling. I like my S8+, but I'm getting this occasional itch to go for the iPhone 8+, but so far looking at the prices and features have made me stay with the S8+ I got for just 599€ while the 8+ starts at 949€. Having payments in my watch is something I miss with the S8+ & Gear S3 combo as Samsung Pay is not available here yet while Apple Pay is, but at least my phone does NFC payments linked to my main card (my bank doesn't participate in Apple Pay yet). However, the awesome battery life of the Gear S3 does compensate quite a bit, and in your case it seems like Samsung Pay is available indeed.
Quick charge is lucrative for the S8+ especially when the charger comes in the box. Samsung also offers quick charging powerbanks for when you need to top up on the go. I picked up one from their Xmas sales and it's been liberating to use.
I'm just eagerly waiting for Samsung to release Linux for Galaxy which they introduced a while back. If it's as good as it sounds like, it would be a huge feature for me.
I don't think I said "know someone who has been personally affected"... I said know of anyone who has been affected. I have never seen a news story about Android users who were compromised. I have admittedly not been looking closely for it, which is why I said, "serious question". But I would think if a bunch of real Android users were hacked because of a slow security patch that it would have been big news. I've never seen such a thing. I'm not saying that we shouldn't take security seriously, and patch when available, but is it really an issue if the updates come every 2 months instead of ever 1 month? Or is this media hype, which makes every thing seem overblown.
Adware via Google Play Store apps that slipped through.
Popup ads on Android screens and lock screen.
Some are nuisances, some are stealing what's on the screen and malware.
There are new posts on Android forums about popup ads.
You say fake virus alerts and FBI scams are nothing. But if it really encrypted a system it must be scary and costly.
Phishing relies on unmatched systems and careless - and too often we get lazy and click on something in an email. Habit that 1/1000 is too often. I had more fake iTunes emails on Mac and iOS than ever using Android or Windows. (and wish I could uninstall Apple Mail on both)
Popup ads on Android screens and lock screen.
Some are nuisances, some are stealing what's on the screen and malware.
There are new posts on Android forums about popup ads.
You say fake virus alerts and FBI scams are nothing. But if it really encrypted a system it must be scary and costly.
Phishing relies on unmatched systems and careless - and too often we get lazy and click on something in an email. Habit that 1/1000 is too often. I had more fake iTunes emails on Mac and iOS than ever using Android or Windows. (and wish I could uninstall Apple Mail on both)
Someone who is affected by something is always personally affected in that scenario. All of us should expect to get security updates as soon as they are available.. To give the manufacturers/carriers a pass on this is a disservice to everyone involved.
Going to play devil's advocate here. Many people don't always update their phones, so the additional updates won't make a difference to them. In addition, your phone is always at risk if someone wants to scour through it. iOS is more impervious since it is a closed OS, but it is hackable by unwarranted third-party intrusion.
I think getting monthly security updates are important.
I think getting OS updates is less important because of of the core apps for Android are updated through the playstore.
I think getting OS updates is less important because of of the core apps for Android are updated through the playstore.
And iOS is also more vulnerable because users have a perception that it is unhackable. So a fake iOS password phishing prompt could easily get past an iOS user. They pop up all the time normally, so I personally would likely just respond without thinking.
[doublepost=1515593343][/doublepost]
My point is still not getting across. If there were people being hacked, it would be in the news. I've not seen it. I see hoopla about exploits being identified, but I never see stories of Android users being impacted. Not disagreeing they should get them out quickly, but I'd rather wait and have it be done correctly than to have them pushed out quickly without proper testing.
I can understand that argument when it comes to actual system updates, but security patches have never broken anything like system updates can and have in the past.
yeah...my thoughts too...they should keep the same feature set for both phones.....
My question is, can Samsung actually get away with a $100 price difference between the S9 and S9+, like Apple does with the 8 and 8+? I personally don't think so. IMO, it would have to be at least a $200 price difference. Otherwise it just won't sell. Or maybe the S9 will sell months down the road from release, once the price difference becomes more drastic from the S9+.
Will people that own the S8/S8+ buy the S9/S9+ outright again if the phone is more or less the same concepts: 18:9 aspect ratio with minimal bezels and QHD VR supportive screen, sufficient RAM, a high speed processor, a nifty camera, Samsung Pay, SD slot, 64gb internal memory, water resistance, advanced biometrics, quick charge, and Android software?
I think I'll wait a bit until prices come down a bit. I waited a few months before pulling the trigger on the S8+ and got it basically for OnePlus prices. That's awesome value for a Samsung flagship. This S8+ should serve me perfectly fine until the initially skyhigh S9 prices settle down at least a bit.