In late October, researchers at North Carolina State University
alerted Google to a security flaw that could let scam artists send
phony text messages to Android phones — a practice called
“smishing” that can ensnare consumers in fraud.
Google’s security officials replied in minutes, confirming the
flaw and promising to correct it. Within days they had
incorporated a fix into the latest version of the Android
operating system, Jelly Bean 4.2, and made available a security
update for earlier versions.
But for most Android phones, the fix never arrived. For many, it