SECURITY: CIA Leak Reveals Gaps in Patchwork of Android Software.

The CIA appears to have been exploiting vulnerabilities in Android smartphones and other devices for years, according to the WikiLeaks documents, though it is unclear which versions of Android could be affected. Google said late Wednesday that after a review of the WikiLeaks documents, it was confident Android security updates “shield users from many of the alleged vulnerabilities.”

But Google data shows only 2.8% of Android devices run the latest software, released in August, which has the most up-to-date patches. Millions of Android phones run years-old software, sometimes with widely known security gaps. Indeed, nearly two-thirds of Android devices use software released in early 2015 or earlier. The WikiLeaks documents were taken from the CIA from 2013 to 2016.

This disconnect between Google (which produces security updates promptly) and carriers (who don’t always make those updates available for a variety of reason) has been known for a long time. The CIA hacking story just highlights it.

If Android is your preferred mobile operating system and if security is important to you, consider going with a “pure Android” brand like Nexus or one of the Google Play Edition phones from other manufacturers. Those models do receive timely new versions, updates, and patches.