Android Fragmentation Equals Android Insecurity

My recent TIME.com column on Android fragmentation didn’t provide an exhaustive list of reasons to be frustrated by the degree to which the Android ecosystem is dominated by old versions of the software. In fact, I didn’t mention one of the biggest ones: Old versions of Android don’t have the newest security fixes, and are therefore potentially dangerous.

Now a security company called Bit9 has released what it calls the Dirty Dozen List of insecure smartphones. They’re all Android models running old versions:

Samsung Galaxy Mini
HTC Desire
Sony Ericsson Xperia X10
Sanyo Zio
HTC Wildfire
Samsung Epic 4G
LG Optimus S
Samsung Galaxy S
Motorola Droid X
LG Optimus One
Motorola Droid 2
HTC Evo 4G

Bit9 explains its methodology–which looks pretty serious to me–in this PDF.

Whenever I gripe about Android fragmentation, I hear from people who tell me that I’m all worked up over nothing. (Typical comment: “Mr. McCracken, like so many tech journalists, you have totally missed the point here. Believe it or not, Android “fragmentation” is not the massive problem it’s made out to be.”) But I’d like to hear anyone explain to me why this isn’t anything to be concerned about.