Better Late than Never: Android Makers to Push Monthly Security Updates

by Matt Klassen on August 13, 2015

While for many the name Android is likely synonymous with smartphones, given the platform’s global dominance, in the tech world the operating system moniker has become virtually indistinguishable from something quite different: security vulnerability. As I wrote several years ago already, while some of the greatest strengths of Google’s free open source Android platform are its versatility and accessibility, the resultant fragmentation of the OS is also one of its greatest weaknesses, as the torrent of Android malware continues its exponential growth virtually unabated.

Simply put, with so many partners in the Android ecosystem creating so many different Android devices running so many different versions of the mobile operating system, it is exceedingly difficult to close the security vulnerabilities of a platform that has more faces than the Greek god Janus. The result has been a platform mired in privacy and security scandals, the focus of the vast majority of malware intrusions and mobile cybercrime.

Now following the revelation that an Android super vulnerability has been discovered, one that could potentially affect 95 percent of all Android phones, both Google and its Android partners have finally seen the need to move faster when it comes to security updates, announcing that going forward the search engine giant and its largest Android partners will start pushing monthly security fixes for the platform full of more holes than a slice a Swiss cheese.

“We’ve realized we need to move faster,” Android security chief Adrian Ludwig said at this week’s annual Black Hat security conference in Las Vegas, following the publicity surrounding the revelation of Stagefright, the  “mother of all Android vulnerabilities.” While such regular security updates are critical to establish some level of user safety, the lamentable fact is that Google’s realisation is about three years overdue.

Granted this isn’t all Google’s fault, as the company has left the management of security patches largely to the discretion of its Android partners; not wanting to dictate too much to companies deploying the operating system. But that, as mentioned, has left Android fragmented and broken, lacking the cohesive unity we see in other platforms like Apple’s iOS. With so many disparate versions of Android running on so many disparate phones, plugging all the vulnerabilities has become a hopeless task.

Not only that, but the fact that security updates are often never downloaded at all and the proliferation of suspicious third-party apps means that users play an active role in Android’s vulnerability as well, simply one more contributing factor in the platforms vulnerability to malicious software.

All that to say, starting immediately the likes of Samsung, LG, and Google itself will begin rolling out regularly scheduled security updates, the first of which will directly combat the Stagefright vulnerability (it should be noted smaller Android partners are releasing fixes for Stagefright in particular as well), hopefully closing that particular hole before the details of the exploit are made public later this month.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Comments on this entry are closed.

Previous post:

Next post: