Android security issues highlight more pressing problems

Written by on May 4, 2016 in Opinion with 0 Comments
Android mascots lined up. REUTERS/Beck Diefenbach

Android mascots lined up.
REUTERS/Beck Diefenbach

Google is trying hard to fix the endemic security issues that continue to plague Android devices but unfortunately it is making almost no progress.

Since August 2015, Google has been releasing monthly security updates to address the security flaws but there are two big problems.

  • First.Any security patches that Google makes to Android only apply to its own Nexus devices. These devices make up an insignificant proportion of the Android device population meaning that almost no-one receives the updates.
  • Second.The updates themselves have yet to address all of the known security issues in Android. For example, despite monthly updates the mediaserver (finds and indexes media on the device) remains critically flawed.

Google is playing a horrible game of whack-a-mole with this component as every time it fixes one flaw, another pops up.

I have long believed that Google’s inability to effectively manage Android security and its updates is rooted in its history as a server company.

When Google wants to update its search algorithms it simply updates the code on the server and the job is done.

Because devices run their own software, they have to be individually updated and it this is very different to the way Google has operated for many years.

Consequently, it has taken Google a very long time to come to grips with this problem and I am far from convinced that the issue is close from being resolved.

To be effective, all Android devices need to receive these updates which brings in two more big problems.

  • First. Most Android devices are not updatable. Android is a commoditised, brutally competitive market meaning that in the mid-range every cent of cost matters. Making a device updateable means that extra resources have to be added to the device which are never reflected in the price. Consequently, the vast majority of Android devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.
  • Second. Google has no control over the update process for any of the devices that run its services. It can update Google Mobile Services (GMS) from Google Play but lower level system updates (Android) are controlled by either the maker of the device or the mobile operator.

Consequently, I think that Google has to take control of Android because in its current state, it is very unsecure with no scope for improvement.

I continue to believe that this may happen in 2017 as Oracle has provided Google with the perfect excuse to do so (see here).

This would result in a series of proprietary ecosystems based on an Android kernel of which GMS, Cyanogen and MIUI would be three.

Google still has another good year ahead of it thanks to the underlying growth of Android users, but the medium term urgently requires for this problem to be fixed.

I prefer Samsung and Microsoft to Alphabet in the long-term, although the immediate term for Alphabet continues to look good with absolute user numbers still growing very nicely.

Tags: ,

About the Author

About the Author: Dr Richard Windsor is the founder of Radio Free Mobile which is an independent research provider. The research helps clients to understand and evaluate the players in the digital ecosystem and presents a unique perspective on how all the pieces fit together in an easy to read and digest way. The product is available on a subscription basis and counts members of the handset, telecom carrier, Internet, semiconductor and financial industries as its subscribers. RFM is the land of the one man band meaning that Dr. W. also makes the tea. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: