Android and device developers: If you have a Google Pixel smartphone, your phone is safe from a security gap that could leave a PNG file completely destroying your system. If now your device is any other Android-powered device, then your phone is vulnerable.
Of course it is problem for Android.
Google has recently released a security update for Pixel devices, which closes a blank space that allowed malicious PNG files to "run arbitrary code with administrator privileges."
In other words, malicious code can run with very high privileges while all you do is open a png file.
This means that any PNG that comes to your device (with an email, messaging application or even MMS) could potentially violate the system and steal sensitive data on any non-Pixel phone.
The phones of Samsung, LG, OnePlus and many other manufacturers are still at risk of vulnerability.
The problem is not new. This is something that we have known for a long time, and continues to worry all its users Google software. As long as new vulnerabilities appear, late security updates will always be a very serious problem.
The "fragmentation" of Android has long been a very problem especially for operating system updates. Of course we are not talking about updates that add new features, but updates to the code that protect your personal data. Whether they are minor or not, these updates should not be ignored by any manufacturer.
Security updates are not as huge as new feature updates. They are released every month by Google, so they are much smaller and easier to install on the system - even for third parties. So while we hear excuses for not installing, it seems to be purely a matter of manufacturers' priorities.
New vulnerabilities points will exist constantly, and no one wants to risk their data. However, no one requires immediate updates from the device manufacturer as soon as they are available from Google.
Vulnerability with PNG is just one example. Every month security loopholes are discovered, and most manufacturers are releasing the updates months later. So your data remains exposed for a much longer period of time.
Here does not seem to be an easy answer for how you can fix things. Perhaps because it does not exist.
Until the manufacturers begin to take your safety and your data more seriously, there is only one answer: buy a different device. Apple and Google have shown that they are interested in user data, so iPhone and Pixel seem to be great choices for those who want and need more security.
It may sound a cliché but it is time to vote with your wallet. Do not buy devices from manufacturers who are not interested in your data. It is the only way to understand the seriousness of the matter.