Another new kernel flaw that Google won't fix for Android users prompts more switching to Apple's i
A new kernel privilege escalation flaw discovered in the Linux kernel requires server operators to install a patch, but is not going to be fixed for the majority of Android users. After record numbers switched to iOS last quarter, Google's inability to update its user base is inciting switchers to move to iPhones even faster.
A new 0-Day flaw discovered by Perception Point Research has existed since 2012, long enough to have spread vulnerability across "tens of millions of Linux PCs and servers, and 66 percent of all Android devices."
As noted in a report by Dan Goodin of Ars, the flaw allows unprivileged apps to "gain nearly unfettered root access," including access to camera, microphone, GPS location and personal data.
Having been discovered, the flaw is relatively easy to fix for most desktop and server users, but requires a kernel patch on Android that most users of phones, tablets and other devices are unlikely to ever get.
Despite releasing a new version of Android last fall alongside iOS 9, Google still only reports that a tiny fraction of its installed base has gained access to it--in stark contrast to the 75 percent majority of iOS users who are now on the latest software from Apple.
Android's problem is caused by the fragmented accountability of carriers, hardware makers and Google itself to create, test and distribute updates for their customers after the initial sale.
Source: Google
Android's problem is even more serious in China, where reportedly just 20 percent of the installed base has upgraded to software newer than 2014, despite high volume sales of new hardware. Even Android licensees in the U.S. frequently sell outdated hardware with old versions of Android installed on them, with no plans to ever service users with necessary updates and security patches.
"Android/Google needs to fix their update model," wrote a 'reader favorite' commenter at Ars. "Most Android phones with this bug will never be fixed. It is getting more and more difficult to not actively recommend that people avoid Android for Windows Phone and Apple iOS."
Another stated, "I really really really wish Google would solve the Android update problem. These bugs will happen, and it's impossible to ask developers to always create perfectly secure code. It's really irresponsible to have no way to quickly roll out fixes to your customers. There have been so many security issues with my Android phone, and none of them would be a big deal at all if they could just roll out a fix quickly! Instead I just feel frustrated."
Google did make an attempt to address the issue in the Android Update Alliance, an initiative from 2011 to get hardware makers to commit to at least a year and a half of software update support for their new phones. But it couldn't even win that minor concession from its partners. Hardware makers are actually incentivized not to update old products because this could make their new offerings less attractive (and less necessary to buy).
When Samsung released its Knox software aimed at securing Android enough to sell to enterprise buyers, it only distributed it on its newest and most expensive models.
Last summer at the outbreak of Stagefright (a flaw that enabled attackers to compromise Android devices by simply sending a text message), Android enthusiast Lorenzo Franceschi-Bicchierai wrote "In many ways, Android is great. I love its open source ethos and the ability one has to customize it. But I can't take it anymore for one simple, but really fundamental, reason.
"Google still has very little control over software updates, and Android users are basically at the mercy of their carriers and phone manufacturers when it comes to getting updates or new operating system versions."
He cited a tweet by security researcher Nicholas Weaver: "Imagine if Windows patches had to pass through Dell and your ISP before they came to you? And neither cared? That is called Android."
In November, Chris Soghoian, the principal technologist for the American Civil Liberties Union, described Google's lack of updates--combined with its lack of user privacy and data collection--as a "digital security divide," adding that "the security people I know at Google are embarrassed by Android."
Apple has long pursued security and the rapid distribution of free updates of iOS as a differentiating feature. Android switchers are increasing. Tim Cook noted in the company's last earnings call that switchers from Android now account for 30 percent of new sales--the highest quarterly rate of switchers ever.
Data from Ericsson noted that iOS has a regular net influx of switchers that surges with each new iPhone release.
Comments
Suggesting a strategy of destroying your own margins by deliberately making an inferior product and then letting others make the hardware and have all that negativity..
1. It's a DED article and I can't stand his writing style.
2. I've never gotten a virus using Android.
3. All my friends are using Marshmallow so this isn't a problem.
4. I hate walled gardens.
5. Android users are smart enough to avoid viruses because they can root their phone.
6. I love specs.
7. iPhone = Bendgate
8. I've always trusted Google because they're so innovative and cool.
Yeah it's **GREAT** owning a 1.5 year old flagship Android phone with an Android OS that's THREE YEARS OLD. Google: can you PLEASE work more closely with your hardware manufacturers? You don't see Apple people with 1.5 year old iPhones stuck in OS 5.
I too used to be an Android evangelist. Not now! I am ready to switch back to Apple after being stuck in Android 4.4.2 on a TOP-OF-THE-LINE, QUAD-CORE PHABLET for almost two years! What a nightmare.
There is a lot of marketshare for Apple to take. Google is now a sinking ship.
2. You never got a virus (as far as you know)
3. Both your friends? That ought to be enough proof.
4. Who cares?
5. Clearly not usually true.
6. Do you love having more cores, a higher clock speed, and still be slower? Sounds stupid.
7. Really?
8. Ok, now I know you're joking!
Oh, when you go out to get that examination, make sure to leave all Apple sites, you're just cheap comedy for us.
Thank you.
I wish Appleinsider was more discriminating about what they print. I rely on this site for news and rumors concerning Apple. Articles such as this with juvenile catch phrases such as "Android is the new Flash" lower the credibility of the whole site.
Seriously it's hilarious when a 'droid user brags that his phone's running marshmallow XD
Good idea in theory but Apple would have no control over the hardware which would ruin everything. They could potentially make a ton of money though while Droid loses.
The "Peach" idea again is good in theory but Apple would want control of the manufacturers. More of a hassle unless Apple themselves build "Peach" phones exclusively.
Knockoffs are never "top-of-the-line", Droid manufacturers prey on the uneducated and spew random numbers to get them to buy their iPhoneys.
Even disregarding security you will be surprised how much Apple cares about their customers. Enjoy Apple!