Why smartphone security is a luxury for those who can afford it

Firm buys and sells hacking tools
Firm buys and sells hacking tools

If you're a low-income American, there's a good chance you have an an Android. And unless it's a newer model with recent software updates, your security could be at risk.

Two competing operating systems own the real estate in our smartphones: Apple's iOS and Google's Android. Apple's phones are expensive -- the cheapest model starts at $400. Meanwhile, some Android phones cost less than $50.

The closed system Appl (AAPL)has built means that everyone who has an iOS device gets access to the same software and security updates at (about) the same time.

Android, though, is much more fragmented.

Mary Madden, a researcher with Data & Society, says low income people are more reliant on their phones as the primary form of internet access. This is how they pay bills, connect with friends and family, and access education and work opportunities.

"All of these differences in digital security are important because they can result in disproportionate levels of surveillance such as law enforcement monitoring during protests or a greater likelihood that low-income smartphone users will experience malware attacks," Madden told CNNTech.

More malware is written for Androids than iPhones. On top of that, almost half of the top 50 Android devices didn't have the most recent security updates by the end of 2016, according to Google.

Even if your phone is only a year or two out of date, it's vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard's Berkman Center for Internet and Society. "It doesn't take much for your adversary to get into your [Android] device, and that's a big problem."

android security cheap

When Google releases an update to Android, it takes a while to get to consumers, unless you have a Google-branded phone like the Pixel. Carriers and device makers customize Android with different apps and services, and there are at least 11 different versions of Android. Each customized version has to be updated separately by the carrier or device maker before rolling out to consumers.

Google (GOOGL), for its part, is constantly working to improve device security. Recently, it introduced Google Play Protect, which monitors Android devices and alerts you if there are security risks. And its line of inexpensive laptops -- Chromebooks -- are regarded by experts as some of the most secure computers you can buy.

Last year, the FCC and FTC launched an inquiry into mobile security updates, and asked mobile carriers and device manufacturers to explain the process of releasing security updates. The results have not been released, however the FCC told CNN Tech that they have received responses and are reviewing results.

Why this matters

Android is slightly more popular in the U.S. than iOS, with 53% of smartphone users on Google's operating system, compared to 45% on Apple. Globally, Android is significantly more popular -- almost 90% of phones shipped in the third quarter of 2016 ran Android. In India, 97% of smartphones are Android, Quartz reports, and many of them cost less than $100.

Related: This city is giving super-fast internet to poor students

But the demographics break out even further: College-educated people tend to buy iPhones over Androids; Androids are more popular with low-income Americans; and African-Americans are more likely to have an Android than an iPhone.

This gap between the security haves and have nots is often called the "digital security divide," which researcher Chris Soghoian described in a 2016 Ted Talk.

According to Malkia Cyril, founder and executive director of the Center for Media Justice, the digital security divide disproportionately affects communities of color, and having secure phones not only protects someone's data, but their rights.

Android fragmentation

Beyond security updates, there are other differences between the brands. Apple's default messenger is iMessage, which is encrypted when you chat with other iOS users. Texting on Android isn't encrypted by default, and full-disk encryption isn't mandatory on all Android phones.

Related: FCC blocks 9 companies from providing low-income internet access

The security differences between Android and iOS are also a problem for developers. People who build apps -- especially those with secure functionality -- have to build multiple versions for Android and potentially decide not to support outdated phones.

Florencia Herra-Vega, CTO at secure messaging app Peerio, says her team has to determine whether it's responsible to allow a customer to install the app if they're running an old, unpatched version of Android.

The problem with closed systems

Freitas, the Berkman Center fellow, is also head of the Guardian Project, an organization that creates secure mobile software. He educates groups in developing countries about mobile security and often switches them over to Android One, Google's low-cost Android devices available outside of the U.S. They are secure by default and run the latest version of Android.

But Freitas says that while Android can be less secure than iOS, it has benefits, especially in countries where app store content might be policed. Android allows something called "sideloading," which means you can install apps without downloading them from the Google Play Store or other Android app stores.

"The very thing that allows malware on Android phones also allows activists to access software that might be banned in their country," Freitas said.

CNNMoney Sponsors