Aardvark Daily

Please visit the sponsor!

Android's big problem

Google has fixed a major flaw in the way Android's security system works, and just in time according to the latest reports of malware in the wild.

Using this exploit, carefully constructed aps could bypass the inbuilt validation systems used by Android and install malware on a user's system without their knowledge. Given the huge number of android devices out there, this was clearly a potentially massive problem and it highlights one of the downsides of Android.

The problem is that most Android systems, unlike Windows, Linux or iOS-based ones, have no provision for updating the actual OS code. This means that a good percentage of those using devices that use Android are running outdated versions and have no way to upgrade or install security patches.

In the case of the latest vulnerability, Google has created an ap of its own that will scan downloads for signs of any attempt to exploit the weakness and all the aps in its own store will be pre-screened before being made available.

Never the less, buying an Android device generally means you'll be stuck in time with respect to your OS release and, unlike those using an iPhone for instance, you won't be able to upgrade to the latest and greatest version.

The effect of this can be clearly seen in the latest stats for Android use where it is revealed that the number of systems running Android Jelly Bean (aka 4.1/4.2) has only just overtaken the number using the earlier Gingerbread (2.3) release.

By comparison, most iOS users have already upgraded to the latest version of their software -- giving Apple a more consistent and more easily supported user-base.

Of course it could be argued that since the primary use for Android has (to date) been in mobile phones, this lack of ability to upgrade is relatively minor, given that a large percentage of mobile users regularly replace their phones anyway. However, the growth in tablet computers and Android-based set-top-boxes may make the strategy far less attractive.

There are some who believe that making the core OS immutable is in itself a security feature, effectively making it harder for malware to hijack those core functions or alter the code itself -- although this doesn't seem to be a strategy that has prevented most other OS vendors from providing an automated or on-demand update service.

What are readers' opinions?

Would you prefer that Android had the ability to update itself so as to patch vulnerabilities and allow enhanced core-OS functionality to be delivered to existing devices?

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font