Short post everyone.
As I have noted elsewhere, security problems are becoming bigger and more prevalent on mobile devices. Although there will inevitably be a gap between the time that a security flaw is detected and a patch made, it is imperative in most cases that you keep your phone’s applications and operating system up to date.
For Apple, this is less of an issue as you can update and updates are supplied by Apple itself. I’ve always preferred to be in control of my device’s software (which is why I wish that a Linux-like operating system would “win” the smartphone wars), but even I am forced to acknowledge the benefits that Apple’s software approach has.
For Android this can be a challenge. One of the reasons why I recommend Qualcomm’s SOCs on Android right now is that there is a lot of Android Original Development, as they have provided the necessary documentation for AOSP development, which the other SOC vendors have refused to do. This means that the more popular Snapdragon phones will frequently have the latest AOSP (or AOSP based) supplied from XDA by various third party developers.
Otherwise, you are dependent on your manufacturer and carrier to supply updates. The problem is that they will inevitably stop updating as it is not in their monetary interests to do so. There are also likely to be delays between the time that their patches are rolled out and the time that you receive them.
The important thing though is that you keep your device up to date for security reasons. Often the latest software also has other optimizations as well that make it very attractive in terms of performance as well. This should apply for applications as well. The sooner you patch any vulnerabilities, the less time for any malicious individual to exploit any security gaps on your device.
I suspect that in the coming years, we will see increasingly sophisticated attacks on mobile devices. The sheer amount of data we have on them makes them a very vulnerable target.
Someday, I hope that we get a rethink of how we approach security on mobile devices, but until that day, we have to keep our devices up to date.