Tens of thousands of smart phone buyers every day chose Android handsets for their price and the availability of applications.

The variety of phones and apps is what draws them to the Google mobile ecosystem. But Android’s flexibility is also a weakness — the number of versions of the OS released, the ability of handset makers and carriers to customize it means Android is less secure than other platforms.

That’s the main reason why a number of enterprises won’t let staff touch Android — and why Samsung Electronics has come up with its own solution, the Knox mobile management platform.

All this is background for word that Google has finally issued a fix for a vulnerability discovered in February.
(Samsung’s Galaxy S4)

According to LinuxInsider, the bug lets attackers modify Android apps into Trojan apps with out breaking their APK signature key.

While Google says it scans Google Play for this and other vulnerabilities, the danger is Android users will download apps from other sources that could be infected.

The latest version of Android, 4.2, verifies that downloaded apps are malware-free. But that doesn’t cover earlier versions.

So far, Android hasn’t been hurt by this. But one has to wonder how long it can continue to allow the OS to fracture. At some point it may have to follow the lead of Apple with iOS and Microsoft with Windows Phone and make an operating system that can be upgraded the same as a desktop OS.