Silicon Shecky

Infosec Practitioner

  • About
  • Categories
    • General
    • Computers
    • Software
    • Rants
    • Security
    • Internet/Music
    • Reviews
    • Microsoft
    • Hardware
    • Mobile Computing
  • Links
    • Infosec
      • Burbsec
      • Infosec Exchange Mastodon
      • Hacks4Pancakes Blog
      • Krebs On Security
      • Bleeping Computer
  • Archives

Connect

  • Bluesky
  • LinkedIn
  • Mastodon
  • RSS
  • Twitter

[footer_backtotop]

Copyright © 2025 ·Sixteen Nine Pro Theme · Genesis Framework by StudioPress · WordPress

Android Security: Google or Carriers issue?

January 16, 2015 By Michael Kavka Leave a Comment

In the world of Android a couple of disturbing articles have come out recently. Google is no long patching 4.3 (Jellybean) and earlier versions. Also the amount of malware for Android increased by 75% last year. This begs, who is to receive blame on the vendor side?

We all know people do not patch apps. Maybe they don’t like “new” terms that come with the update (most terms are the same as the prior versions). A lot get not the best information. Patching is important, and we all know that. In the world of PC’s we all know about Patch Tuesday (Microsoft, Adobe), and know how long it can take Apple to patch flaws in OSX and iOS (which they completely control and is out of the carriers hands). So what about Android, the worlds most popular phone OS?

The announcement this week that Google is no long patching WebView for versions 4.3 and earlier started me thinking more about this. Yes, Google is “abandoning” 930 Million users. Yes, They come out with new versions of Android so fast that the OS is fractured all over the place. The question is though, is Google doing the right thing? I personally think so. The reasoning why places a bunch of blame on the carriers.

Outside of iOS (iPhone), the carriers control when consumers get updates to their Android (and Windows) phones. In the world of Android, Google announces a patch, update, new version, then it gets sent to the device manufacturers. They have to test against their hardware and customization that they have done to Android for their devices (the look and feel of the OS you see). Then it gets sent to the carriers (Verizon, AT&T, Sprint, etc.) where even more testing has to be done against the carriers modifications to the OS (special built in apps, their radios, any network lock downs or features such as tracking cookies). Basically once Google releases the new version/patch/update getting it onto most peoples phones is out of their hands, the exception being the Nexus devices which Google controls. The longer an update take to get out there, the more chance there is for a breach. The easier it also may be for malware to get on the phones, and could be a reason the amount of malware for Android increased by 75% last year.

So the question arises, why does it take so long to hit our phones. the obvious and simple answer to me is money. Why bother pushing patches and updates, let alone new versions of the OS to phones especially ones that are only a year or two old, when you can try to force people to get new hardware, and either extend or get new contracts to get the latest? Security as a Service you can almost think of it as, but not quite. Seriously, the carriers have a cash cow on their hands with Android and doing things this way. The lastest verion of iOS is out and works on phones that are years old. Apple has it available for those older phones through their updater, although some features may not work on the older phones, it is still available. I am by no means an Apple fan, but the control they have over their updates is what Google needs to have over Android. The carriers don’t care, and won’t unless they lose some major lawsuit because someone’s phone got hacked due to a security update not having been available for that model. When I tweeted to my carrier (Verizon) about this, they sent me a link to their “news” page which has no information on updates. I also tweeted them back as they asked about what I was looking for (latest Windows Phone update, Android Lollipop) for specific devices. Never heard back from them.

The bottom line on this, from my perspective, is that both Google and the carriers are to blame. Google is to blame, not for not patching, but for not controlling the push out of patches and updates to the OS, and the carriers for not pushing out updates and patches in a timely fashion. Until this gets resolved, Android is going to stay heavily fragmented, and security for everyday peoples phones is going to be shaky at best.

Filed Under: General Tagged With: Android, AT&T, Google, Security, Sprint, T-Mobile, Verizon

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

RSS Taggart Institute Intel Feed

  • ParkMobile pays... $1 each for 2021 data breach that hit 22 million October 5, 2025 Ax Sharma
  • Federal judge blocks Trump's National Guard mobilization in Oregon October 5, 2025 Chris Geidner
  • Using .LNK files as lolbins October 4, 2025 adam
  • Leaked Apple iPad Pro M5 benchmark shows it's faster than some laptop CPUs October 4, 2025 Mayank Parmar
  • Leaked Apple iPad Pro M5 benchmark shows massive improvements October 4, 2025 Mayank Parmar
  • Just days before its data might be leaked, Qantas Airways obtained a permanent injunction October 4, 2025 Dissent
  • ChatGPT social could be a thing, as leak shows direct messages support October 4, 2025 Mayank Parmar
  • The Case for Alien Life on Saturn’s Moon Just Got a Boost October 4, 2025 Becky Ferreira
  • OpenAI rolls out GPT Codex Alpha with early access to new models October 4, 2025 Mayank Parmar
  • OpenAI wants ChatGPT to be your emotional support October 4, 2025 Mayank Parmar

Browse by tags

Active Directory Android Antivirus Apple Beta Chrome Computers Exchange Exchange 2007 Firefox General Thoughts Google InfoSec Internet Explorer iOS iPad IT Linux Mac Malware Microsoft OS OSx Patches Rants SBS SBS 2008 Security Security Patches Server SMB Software Support Surface TechEd Tweets Ubuntu Verizon Virus Vista vulnerabilities Windows Windows 7 Windows 8 XP