While no easy solution is in sight, Android malware is on the rise, which increases the risk to users with unpatched phones, Wang said. However, mobile malware is not at the level of maturity as malicious apps built to exploit vulnerabilities in PCs, so the danger to Android users is far less.
"You can survive not having updated your phone OS for some time, but you cannot survive if you don't update your [antivirus] or OS patches for your PC," Wang said.
The level of risk to Android users is a longstanding debate in the industry. While antivirus vendors are a steady source of threat research, Google has said they are hyping the risk to sell their products.
Sign up for Computerworld eNewsletters.