Link

Waiting for Android’s inevitable security Armageddon

Waiting for Android’s inevitable security Armageddon:

Android has around 75-80 percent of the worldwide smartphone market—making it not just the world’s most popular mobile operating system but arguably the most popular operating system, period. As such, security has become a big issue. Android still uses a software update chain-of-command designed back when the Android ecosystem had zero devices to update, and it just doesn’t work. There are just too many cooks in the kitchen: Google releases Android to OEMs, OEMs can change things and release code to carriers, carriers can change things and release code to consumers. It’s been broken for years.

This editorial was written over a year ago. And it’s as true, today, as it was the day it was written. Imagine if car companies just kept releasing the same dangerous, flawed, and fixable devices despite rampant car crashes, accidents, and other mishaps.

That’s Google today, as it continues to push flawed versions of Andrew, and today’s OEMs (e.g. Samsung, HTC) and carriers (e.g. Rogers, AT&T, Vodafone). The insecurity of Android constitutes a basic safety and human rights issue at this point given how states exploit Android vulnerabilities to target dissidents, journalists, academics, writers, and the public more generally. And yet none of the core parties reponsible for these major security failures are making genuine efforts to actually fix the problem because they don’t think they have to care.