In late October, researchers at North Carolina State University alerted Google to a security flaw that could let scam artists send phony text messages to Android phones — a practice called "smishing" that can ensnare consumers in fraud.
Google's security officials replied in minutes, confirming the flaw and promising to correct it. Within days they had incorporated a fix into the latest version of the Android operating system, Jelly Bean 4.2, and made available a security update for earlier versions.
But for most Android phones, the fix never arrived. For many, it never will.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.