Search Follow us

Latest news

Android security. Culture vulture

Security issues highlight more pressing problems Google is trying hard to fix the endemic security issues that continue to plague Android devices, but unfortunately it is making almost no progress. Since August 2015, it has been releasing monthly security updates to address the security flaws but there are two big problems.

First. Any security patches that Google makes to Android only apply to its own Nexus devices. These devices make up an insignificant proportion of the Android device population meaning that almost no-one receives the updates.

Second. The updates themselves have yet to address all of the known security issues in Android. For example, despite monthly updates the mediaserver (finds and indexes media on the device) remains critically flawed.

Google is playing a horrible game of whack-a-mole with this component as every time it fixes one flaw, another pops up. We have long discussed that Google’s inability to effectively manage Android security and its updates is rooted in its history as a server company. Whenever it wants to update its search algorithms it simply updates the code on the server and the job is done. Because devices run their own software, they have to be individually updated and it this is very different to the way Google has operated for many years. Consequently, it has taken a very long time to come to grips with this problem and we remain far from convinced that the issue is close from being resolved. In order to be effective, all Android devices need to receive these updates which bring in two more big problems.

First. Most Android devices are not updatable. Android is a commoditised, brutally competitive market meaning that in the mid-range every cent of cost matters. Making a device updateable means that extra resources have to be added which are never reflected in the price. Consequently, the vast majority of these devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.


News more