Donald Trump continues to use his “old, unsecured Android phone” since taking office despite “the protests of some of his aides,” according to a report from The New York Times about how the new president is settling in to his routine. This contradicts another report from late last week that indicated Trump had given up the phone in exchange for a “secure, encrypted device approved by the Secret Service.”
It’s not clear exactly what kind of Android phone Trump uses—he has previously indicated that it’s a Samsung Galaxy device—or whether it has also been encrypted or otherwise hardened or what kinds of things he uses it for. Samsung’s Knox software is approved for “sensitive but unclassified use” by the US Department of Defense, so these phones are cleared for at least some kinds of government work when configured correctly.
How big of a deal is this? We don’t know anything about the phone’s configuration, but the state of Android security is notoriously poor compared to other operating systems like iOS or Windows, both of which are patched regularly by Apple and Microsoft with no interference from hardware manufacturers or wireless carriers. Google releases monthly security updates for Android, and Samsung is better than most about actually releasing those updates to its most recent devices (flagship phones tend to get monthly updates, midrange phones and most tablets get quarterly patches), but there is still often a gap of several days or weeks between when those security bulletins are published and when the patches are available.