Tag Archives: Security

No Android OS Updates, a Security Flaw

Android Logo

Tom Simonite writing for MIT Technology Review, is taking Google to task for not having a standard method for updating Android on cell phones. His point is that because Google has left themselves no way to update the core OS on an Android phone quickly, they themselves built a giant security flaw into Android. I have to say I do agree with him.

The Google update model of Android has remained unchanged since its inception. Versions are almost fully tied to the smart phone they are on. The carriers have all the power to ruin, crap up, and deny pushing a release to any phone. Just the sheer breadth of hardware Android runs on makes it impossible for Google itself to update the OS. Couple that with the fact that all of the engineering and testing involved for a patch to a phone has no economic incentive for the handset maker. All this leads to a system where the phone you buy has the OS that came with it until the day it dies.

This system harkens back to the Windows Mobile days. Microsoft at the time would be rolling out patches and updates to the OS that were doing things like enabling on device ActiveSync or better browser features. The problem became the only way to get these new features (save for a few flagship models) was to buy a new phone. And because MS would not release things like a roadmap or new information, you could drop five or six hundred dollars on a new phone that would be out of date the next day. It was this aggravation that had me switch to Apple many years ago when I got tired of using the ancient OS on my Palm Treo. Android would never be updated on the current phones and iOS was gaining new features on old hardware. Having been bit before, I begrudgingly(at the time) decided to make the leap.

Google themselves have tried to address this issue numerous times with different programs such as the Open Handset Alliance. The problem with all of these programs is that they don’t have any benefit to those that bear the burden of the program. The carriers don’t care and have to spend money to certify new OS versions. The handset manufacturers don’t care as they have to spend money on engineering, testing, and distributing the fix. And in all honesty does Google really care? They get no money from Android itself, and so long as the current version out there can send them ad revenue and information, why would they bother.

Unfortunately I think it is going to take a massive security flaw that actually affects people before any of the parties involved really are forced to come up with a viable solution. Google can say that it wants to fix the problem and come up with a solution, but I feel that until the brand takes a major hit, nothing will come of it.

Link: https://www.technologyreview.com/s/539766/the-security-flaw-google-built-into-android/