Android Security is Still a Huge Problem

Thomas Wellburn
April 4, 2017

According to data found in Google’s annual 2016 security report, the number of potentially harmful applications (PHAs) effecting Google devices is still an inherent problem within the Android operating system.

The 2016 report states that 0.71% of Android devices have had a PHA installed in Q4 2016  versus less than 0.5% of devices during 2015. The newer results are only for one quarter but still show that security is a primary concern within the world’s leading operating system. If you’re thinking that PHA only includes applications found outside the Play Store, think again. Research by Virginia Tech University recently discovered that 23,495 of the most popular applications found in the Play Store have been ‘colluding’ data. This includes personal information such as Contacts and Geo-location. All of this can be achieved without the users permission.

Most of these problems lie with security updates, which happen because of device fragmentation. Having such an open-source OS has plenty of positives, but trying patch thousands of different devices quickly becomes a problem. Samsung has over ten handsets currently available, LG about the same. These are sold by hundreds of carriers across the world, who may or may not include their own software on the handset. They also typically use a modified OS, be it LG UX and TouchWiz for Samsung. That amounts to thousands of variations in code, which all needs to be taken into account when releasing a patch. Google has no control over this aside from informing manufacturers and developers of the issue at hand. It’s then up to those guys to sort out an update for their own hardware, as the underlying OS can vary quite widely. It’s no lie that those running a near-stock experience often release security updates faster. Many manufacturers prefer to test their own software in-house before rolling it out the public, leading to a longer rollout. When you throw a customised launcher into the mix, this gets even more complicated. Android Nougat is installed on less than three percent of the overall market, a truly terrible figure. Compare this to iOS 10, which is now on almost 80 percent of all Apple devices, and the answer is very clear. Fragmentation is the main issue to blame here.

Closer relationships with device manufacturers and chip developers in the last year has lead to a faster release date for critical security patches, though this has only really helped flagship handsets. Around half of the lower-tier devices still run on outdated software, putting them at serious risk. Even so, most handset manufactures only commit to flagship security updates for two years, which they consider to be the life-cycle of the product. Anyone owning a handset longer than this should expect a gradual lack of support. Google doesn’t have a solution for any of the above, despite trying for years to come up with an answer. Previously, the company even considered a plan to publicly name and shame mobile carriers and device makers who drag their feet with important updates… Not exactly a way to encourage people to adopt. Those wanting the latest critical updates on time have very little options aside from purchasing a Nexus or Pixel device, which Google has committed to providing monthly security updates for these handsets since 2015.

About the Author

Share this article