Waiting for Android’s inevitable security Armageddon

by
Ron Amadeo
from Ars Technica - All content on (#GNA9)

We're on day who-the-heck-knows of the Android Stagefright security vulnerability, and there's really no point keeping track of the days because no one's going to fix it. The Android ecosystem can't deal with security, and it won't change until it's too late.

Android was originally designed, above all else, to be widely adopted. Google was starting from scratch with zero percent market share, so it was happy to give up control and give everyone a seat at the table in exchange for adoption. The sales pitch was simple: "Apple locked you all out of the iPhone and with Microsoft you're just a customer, but on Android, you'll all have a say in the end product." The open source nature of Android allowed anyone to adapt its code to their hardware, and OEMs and carriers could (theoretically) alter or fork it to their hearts' content.

Now, though, Android has around 75-80 percent of the worldwide smartphone market-making it not just the world's most popular mobile operating system but arguably the most popular operating system, period. As such, security has become a big issue. Android still uses a software update chain-of-command designed back when the Android ecosystem had zero devices to update, and it just doesn't work. There are just too many cooks in the kitchen: Google releases Android to OEMs, OEMs can change things and release code to carriers, carriers can change things and release code to consumers. It's been broken for years.

Read 18 remaining paragraphs | Comments

index?i=HqYeEeOLyTI:8_q6JB1zKAA:V_sGLiPB index?i=HqYeEeOLyTI:8_q6JB1zKAA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zAHqYeEeOLyTI
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments