Android Security: non-sequitur?

[Grall]

Google says that the bug is fixed in Android 2.2.2 and later, but there are still a large number of users at risk because their handsets runs a previous version of the operating system. Google is making a patch available, but it's going to be up to the carriers and handset makers to make sure that the patch gets deployed. In light of the mobile industry's poor track record updating Android phones, it's possible that this flaw will continue to be exploitable on a considerable number of handsets.

Full article here.

Google fixes bugs, but handset makers and carriers don't bother to update customers' phones. This (undoubtedly greed-driven) laziness is a serious threat to android users, but also in the long run, android as a platform in itself. This isn't the first time news like this has surfaced, and we know many android phones have stopped receiving updates in less than a year after purchase; some models in as little as just over six months I've heard alledged!

To me, this is a clear indication that google's model has failed, and that they need to mandate software updates and push them out from a central location like microsoft and apple does, instead of relying on multitudes of disinterested companies.

Also, allowing 3rd party app stores for android gives huge opportunity for malware to spread and exploit essentially wide-open, unpatched phones; these two issues compound each other in very serious ways IMO.

This is one reason (along with hardware, feature and software version fragmentation) why I did not buy an android phone. What are your views on this and related subjects?

 

[metafor]

I hear this argument a lot and I would point to how well WP7 has been received by the handset vendors as proof of how much power they have.

While it may be a better model for the consumer, handset manufacturers are scared witless about phones becoming another PC market; their profit margins would drop due to commodity. They don't want software standardization. And seeing as none of them have the organization nor willingness to push a software ecosystem like Apple does, I'd say what we have to day is about the best that can be hoped for.

Nokia might be able to pull something here, but we'll see. The other Android manufacturers are pretty much going to sell handsets as standalone gadgets; a model that works and is profitable, but ultimately bad for the consumer.

 

[digitalwanderer]

My Zio bricked at the 2.2.0 update and I'm still trying to get it fixed.

 

[MfA]

Also, allowing 3rd party app stores for android gives huge opportunity for malware to spread and exploit essentially wide-open, unpatched phones; these two issues compound each other in very serious ways IMO.

Google should have had a default setting to only install applications co-signed by Google (the signing is the important part, so they can have a centralized blacklist, whether you get the application from the store or say a SD card doesn't matter).