How Frequently Do Vulnerabilites Affect Tls on Android?

Posted3 months agoActive3 months ago

CAPSLOCKSSTUCK

2 points

3 comments

Techstory

calmneutral

Debate

10/100

Android SecurityTls VulnerabilitiesMobile Firefox

Key topics

Android Security

Tls Vulnerabilities

Mobile Firefox

It's a bit of a hand-wavy question, but my Samsung S21 will get its last security update in January, and I was trying to figure out how many vulnerabilities/CVEs (say, in the past few years) would have affected the threat model I care about (mostly just TLS to my financial institutions).

Moreover, if I access the web through mobile Firefox (which is updated via the Play Store for longer than my phone gets system-wide security updates), how bad are the vulnerabilities really?

I found a study that brushes on some of these topics ("Common Security Vulnerabilities in Android Apps: A Comprehensive Guide" published in IJFMR), but I would be curious to see something like:

- a concrete vulnerability, even if it only affected a small number of Android devices - a combination of flaws that would have ostensibly allowed an attacker to get my credentials/access to my financial accounts - something affecting Firefox specifically

(Disclaimer) I'm upgrading to an in-date smartphone, but I just thought it would be a fun exercise since we always hear about the importance of updates minus the specifics . . . .

The author is wondering about the frequency and impact of TLS vulnerabilities on Android devices, particularly after their Samsung S21 stops receiving security updates, and how using mobile Firefox affects this threat model.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

19m

Peak period

0-2h

Avg / period

Key moments

01Story posted
Sep 23, 2025 at 10:38 PM EDT
3 months ago
Step 01
02First comment
Sep 23, 2025 at 10:58 PM EDT
19m after posting
Step 02
03Peak activity
1 comments in 0-2h
Hottest window of the conversation
Step 03
04Latest activity
Sep 24, 2025 at 7:10 PM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (3 comments)

Showing 3 comments

leakycap

3 months ago

1 reply

Do you specifically want Android?

It takes a lot of work to have a secure device when you're using a carrier-subsidized Android device.

More than a lack up updates, personal choices like which apps you install/behavior like what websites and extensions you use/uses of the device like what type of network you connect to has more potential for security risks than the immediate lack of updates.

~~~

Request a copy of your data from Samsung via the account data request, open it in Excel, and tell me if you want to use anything they make for your personal confidential communication. I loved my Samsung device but a single request of my data export made me close my account and get rid of all the Samsung devices I owned.

CAPSLOCKSSTUCKAuthor

3 months ago

1 reply

My device is not locked and I don't have a Samsung account, but I generally agree with your assessment of the risk profiles of those activities.

leakycap

3 months ago

Without a Samsung account, there is still a shocking amount of data collected but I'm not sure how you'd go about getting a copy to inspect.

I don't enjoy iOS, but Android felt like an unreasonable risk considering the way it's put together by vendors and distributed.

View full discussion on Hacker News

ID: 45355676Type: storyLast synced: 11/17/2025, 1:11:00 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

View on HN