DHS warns of vulnerabilities in millions of smartphones "AT&T, Verizon, Sprint, and T-Mobile customers could be at risk" -- so basically everybody August 08, 2018 https://www.techspot.com/news/75880-dhs-warns-vulnerabilities-millions-smartphones.html
Nothing new here. Android itself is flawed due to it getting updates from the phone manufacturer instead of the OS developer, Google. Hell, not even Google are good at this. 3 years of updates for a Pixel XL 2 that costs €900 where I live? It's laughable.
So I guess that I'm not the only one here waiting for Purism's Privacy-Focused Librem 5 Linux Phone with GNOME 3.30 https://news.softpedia.com/news/pur...-to-look-beautiful-with-gnome-3-30-522277.sht
I deliberately avoided anything apple in this department explicitly because they were such open targets so I chose Android models. If there is an upside for anyone owning android, it is that if they have all the available time to spare, (which most don't) they can make their own security a whole infinitely lot better learning that O/S-rooting-and apply safety tweaks that the vendors will never inform them are there. @Beyonder is quite right in that regard. The updates from the phone manufacturer instead of the OS developer just as well not be there in the first place.