BEST OF THE WEB

Google, Samsung to issue Android updates faster

One of the problems with the Android is the fragmented ecosystem — not only are there several versions of the mobile operating system in devices on the market, wireless carriers take a scattershot approach to issuing updates to subscribers.

This causes CISOs no end of grief, particularly if they allow staff to use their own devices on the network.

But after a number of revelations of vulnerabilities, Google announced Wednesday it is starting to take the problem more seriously. It said patches for the recently-discovered Stagefright SMS vulnerability (see Related Articles) are now being issued, and that security updates for its Nexus devices — which get updates directly from Google and don’t need carrier clearance — will now be issued monthly.

At the same time Samsung said it will soon issue updates faster for Galaxy devices running Android, perhaps as fast as once a month. Samsung still has to negotiate with carriers on this new strategy. Details on which models will get faster updates has yet to be determined, but it’s a good bet that the newer handsets will see the updates.

That still leaves owners of Android devices from manufacturers like LG, HTC, Sony, Motorola/Lenovo and others completely dependent on their carriers for whether they get OS updates.

In a blog  Adrian Ludwig, Google’s lead engineer for Android security and Venkat Rapaka, director of Nexus product management, said the latest security update is now available for Nexus 4 through 10 devices, plus for Nexus Player.

“This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.”

In a statement from Samsung, Dong Jin Koh, executive vice-president and head of mobile research, said because of recent Android vulnerabilities the company has found a faster way to deliver patches. “We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.”

This is a good start, but there are many carriers — including ones in Canada — that are letting Android subscribers down by not putting a greater priority on pushing updates out to users. It’s not enough for them to tout network security. Devices they sell have to be secure as long as subscribers are on that network.

According to Google, about 18 per cent of Android devices on the market run version 5.0 and up (Lollipop) of the OS. Just over 39 per cent are running v.4.4 (KitKat) and 33.7 per cent are running versions 4.1 to 4.3 (Jelly Bean — which dates back to the summer of 2012).

Carriers that do issue updates are likely doing so only for Lollipop.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web