Patching the Holes: Blackberry Promises Prompt Android Security Updates

by Matt Klassen on November 5, 2015

The longstanding problem with the Android mobile operating system has been the multitude of security vulnerabilities generated by both the number of versions of Android running around the world and the availability of timely security patches for those versions and those vulnerabilities. The result of such fragmentation has long been an Android ecosystem rife with malware, much to the chagrin of the enterprise sector.

Now Blackberry, the latest Android acolyte, has joined select other Android partners in promising timely security fixes, building on a recent blog post that said it was “critical” to find and fix Android flaws in a timely fashion, attempting to reassure a sceptical enterprise sector about the security of the platform.

Not only that, but given that security updates are usually sent over the network on the timetable of the respective wireless carriers, not the smartphone manufacturers themselves, has often left users frustrated at the slow response. To answer that, Blackberry has promised its clients that in certain critical situations the company will offer a “hotfix,” bypassing the need for carrier approval altogether.

Granted the issue of Android security updates isn’t as dire as it once was, as Google announced earlier this year a new policy to disclose vulnerabilities in its popular platform and provide monthly security updates to its own branded Nexus phones. Samsung and LG quickly followed suit, promising to push the updates and patches to their own clients in the same timely manner. Other smaller Android partners like HTC were simply left to cry over such “unrealistic” targets.

Now Blackberry has joined the ranks of those interested in getting their clients prompt and efficient updates to one of the most flawed operating systems ever created, hoping that by stemming the tide of malware that the company can maintain its reputation for enterprise security while growing its client base by deploying an Android phone.

But even this newly updated security patch system may still not be satisfactory for enterprise; prompting Blackberry to take matters into its own hands, saying that in times when a vulnerability is being actively exploited the company will bypass the need for carrier approval to rollout the patch through the use of a “hotfix.”

“Because a hotfix is typically limited in scope, the balance between a longer testing and approval process and the risk from the critical flaw makes this approach an important addition to helping keep users safe and secure,” said BlackBerry chief security officer David Kleidermacher.

In fact, Kleidermacher noted that depending on the complexity of the problem, Blackberry clients could receive the patch within 24-hours, again both by working with carriers to expedite the process of pushing updates, but again adding, “There are cases where we will apply this over-the-air fix, without carrier approval, if we deem it necessary.”

All that to say, what we’re seeing here is a security-conscious, enterprise-oriented company embracing an operating system that for years now has taken neither security nor enterprise considerations seriously. But given the widespread popularity of Android, Blackberry is now trying to make the best of a tough situation, finding what ways may be available to make Android more palatable for the enterprise sector.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: