Android 5.0 Lollipop still hard to find, full of bugs as Google shrugs off security flaws for 60% of
Google's Android team has advised outside security researchers that it will no longer fix security bugs found in Jelly Bean or earlier releases, despite the fact that "pre-KitKat 4.4" software powers the majority of active users' devices currently accessing Google Play. Meanwhile, less than 0.1 percent of Android users have received Android 5.0, and those who have report an "unfinished/unpolished" experience.
Google's latest figures for Android version distributions show that only 39.1 percent of active users have Android 4.4 KitKat, which was first released shortly after iOS 7 in late 2013. Google's latest release, Android 5.0 Lollipop, has not even reached 0.1 percent of the Google Play active installed base (which does not include Amazon or other non-Google Android devices in markets including China).
In contrast, Apple now has 68 percent of its users on iOS 8, while 29 percent are still using the year old iOS 7. Only 4 percent are using an earlier release. However, Apple has continued to patch iOS 6 for older devices, releasing its latest 6.1.6 update for 2009's iPhone 3GS last February, addressing the "goto fail" flaw.
Google has now announced that it won't patch newly discovered flaws in Android pre-KitKat, including WebView (the equivalent of iOS' Safari WebKit), news passed along by security group Rapid7.
There are plenty of Android WebView bugs in need of patching; security researchers Rafay Baloch and Joe Vennix, among other contributors to the Metasplot vulnerability exploit tool, have identified at at least 11 active exploits targeting Android's WebView in Jelly Bean and earlier.
Google eventually abandoned its efforts to make Flash work on Android, but retained insecure code that enabled other exploits to take advantage of Android's cozy relationship with Flash up to and including Jelly Bean.
For example, Android's buggy WebView enabled Fake ID, a vulnerability discovered by BlueBox Security last summer, to gain system wide access to users' data by pretending to be Flash, escaping the sandbox and digging within apps such as Salesforce and Microsoft OneDrive to grab data from the apps, sniff out the apps' network traffic and gain any additional privileges held by those apps.
WebView is used to render webpages in the system browser and within apps that bundle it. In 4.4 KitKat, Google switched to a new web rendering engine based on Chromium, stripping out the last remains of Flash. Google's policy to abandon support for pre-Chromium users therefore leaves most Android users vulnerable to a wide range of known exploits.
Google's Android installed base is the opposite of Apples', with most users (46 percent) stuck on on "Jelly Bean" (the equivalent of iOS 6 or earlier), another 39 percent on its iOS 7-era KitKat, and virtually none on the latest "Lollipop" update (as new as iOS 8). Another 6.7 percent are still using Android 4.0, and 8.2 percent (of Google Play's active users) still use an ancient version of Android 2.x dating from 2010-2011 (as old as iOS 3-5).
Android updates have always lagged behind, in part because most users have to wait for Google's software to trickle through layers of testing and tweaking by manufacturers and carriers before they can install an update.
Rather than getting better, Android's update problem appears to be as bad or even worse than it was in 2011, when Android was barely three years old and the issue of Google's inability to issue prompt updates began floating as a real issue.
One issue contributing to the lag in Google's updates is the fact that most Android devices sold are barely equipped to run new software. Facebook recently noted that 66 percent of the Android devices using its software have hardware specifications comparable to (or worse than) an iPhone 4 from 2011.
Even users of Google's own Nexus-branded products are likely to not get updates after only a year and a half. For example, Google never made last year's KitKat available to users of its Samsung-built Galaxy Nexus (a phone released alongside iPhone 4S in late 2011).
Commenting on the Forbes article "Why is Nobody using Android 5.0 Lollipop?" reader Paul Armstrong wrote, "I called Google about my Nexus 7 2013 not receiving the OTA [over the air] update and I was told by the CSR that Google is still rolling out the 5.0 OTA update to Nexus devices.
"I was told the order was based on place of purchase and since I didn't purchase from Google directly I would have to wait longer. I was told they have no ETA on when the roll out would be complete and no estimate and when I might receive an OTA update. I then asked if there was any other method of getting 5.0 on my Nexus 7 and was told no. I was told my only option was to wait (isn't there a download update too???)
"So here's your two reason[s] why Android 5.0 has such a small market share: 1) Google is not rolling it out to their own devices; 2) Carriers have not yet (for the most part) rolled it out to the majority of customer devices."
Nexus users who have received Android 5.0 note that Google is suffering through significant software release bugs, just as Apple has with iOS 8. Reader "LazyHazy" wrote, "I've been using Android Lollipop since November when my Nexus 4 received the update, and have since had a 5.0.1 update.
"I agree with 'Joe pasta', however, that Lollipop is somewhat unfinished/unpolished and Google are ironing out the bugs before releasing it to the entire market. The Nexus users serve somewhat as 'crash test dummies' before everyone else receives the latest Android update; except Nexus 7 users, as Lollipop currently brings this device to its knees, hence why the OTA updates stopped.
"I didn't realise that us Nexus users make up less than 0.1% of the market; I'm feeling quite privileged now... despite the teething problems."
Android fan site GottaBeMobile noted that, although apparently limited to users of Nexus devices, the Android 5.0.1 update has users "complaining about the inability to connect to wireless at work, screen rotation issues on the Nexus 7, various issues with Wi-Fi after installing Android 5.0.1, Android 5.0.1 installation issues, problems with Google's 'OK Google' function, even more Wi-Fi problems, issues with sound after upgrading, Bluetooth issues, problems with the home button, and we've also heard that some people have seen the notification, only to see it disappear. This just scrapes the surface and as time goes on, we'll almost certainly see more complaints from Android 5.0.1 users."
Back in November, the BBC profiled Android 5 issues reported by Nexus early adopters, citing users who said the update made their devices "unusable," including Kristen Sawyer, who reported that "some apps won't work and some crash. I wish I didn't install the update."
Another stated "Chrome is dead, unusable, Firefox just about works, the keyboard takes over a minute to load, nearly works if you hunt and peck but dies if you try to swipe."
Nexus user Gary Looker said the Android 5 update is so "shockingly bad it is basically unusable, lags just rotating the screen, every task takes 10 seconds to perform if it does it [at all].
"I've turned off Google Now, changed transitions to zero and limited it to two background apps maximum like the good people here suggested. I shouldn't have to do that, and many people won't know where to turn or who to listen to."
Last September, Apple's new iPhone 6 users also experienced show stopping bugs with the flawed iOS 8.0.1 release. Apple fixed the problem the next day. Two months later, Google's Nexus users are still waiting for an Android 5 Lollipop fix.
Google's latest figures for Android version distributions show that only 39.1 percent of active users have Android 4.4 KitKat, which was first released shortly after iOS 7 in late 2013. Google's latest release, Android 5.0 Lollipop, has not even reached 0.1 percent of the Google Play active installed base (which does not include Amazon or other non-Google Android devices in markets including China).
In contrast, Apple now has 68 percent of its users on iOS 8, while 29 percent are still using the year old iOS 7. Only 4 percent are using an earlier release. However, Apple has continued to patch iOS 6 for older devices, releasing its latest 6.1.6 update for 2009's iPhone 3GS last February, addressing the "goto fail" flaw.
Google has now announced that it won't patch newly discovered flaws in Android pre-KitKat, including WebView (the equivalent of iOS' Safari WebKit), news passed along by security group Rapid7.
There are plenty of Android WebView bugs in need of patching; security researchers Rafay Baloch and Joe Vennix, among other contributors to the Metasplot vulnerability exploit tool, have identified at at least 11 active exploits targeting Android's WebView in Jelly Bean and earlier.
Android's big oops won't get fixed
Android WebView has an abysmal security record, which is significant because it is used throughout the system. One of its major flaws is that it incorporated hardwired support for Adobe Flash, which Google originally touted as a feature for Android before admitting that the proprietary middleware was effectively impossible to support and secure on a mobile device, just as Steve Jobs had stated back in 2008 and again in 2010.Google eventually abandoned its efforts to make Flash work on Android, but retained insecure code that enabled other exploits to take advantage of Android's cozy relationship with Flash up to and including Jelly Bean.
For example, Android's buggy WebView enabled Fake ID, a vulnerability discovered by BlueBox Security last summer, to gain system wide access to users' data by pretending to be Flash, escaping the sandbox and digging within apps such as Salesforce and Microsoft OneDrive to grab data from the apps, sniff out the apps' network traffic and gain any additional privileges held by those apps.
WebView is used to render webpages in the system browser and within apps that bundle it. In 4.4 KitKat, Google switched to a new web rendering engine based on Chromium, stripping out the last remains of Flash. Google's policy to abandon support for pre-Chromium users therefore leaves most Android users vulnerable to a wide range of known exploits.
Google's Android installed base is the opposite of Apples', with most users (46 percent) stuck on on "Jelly Bean" (the equivalent of iOS 6 or earlier), another 39 percent on its iOS 7-era KitKat, and virtually none on the latest "Lollipop" update (as new as iOS 8). Another 6.7 percent are still using Android 4.0, and 8.2 percent (of Google Play's active users) still use an ancient version of Android 2.x dating from 2010-2011 (as old as iOS 3-5).
Rather than getting better, Android's update problem appears to be as bad or even worse than it was in 2011
Android updates have always lagged behind, in part because most users have to wait for Google's software to trickle through layers of testing and tweaking by manufacturers and carriers before they can install an update.
Rather than getting better, Android's update problem appears to be as bad or even worse than it was in 2011, when Android was barely three years old and the issue of Google's inability to issue prompt updates began floating as a real issue.
One issue contributing to the lag in Google's updates is the fact that most Android devices sold are barely equipped to run new software. Facebook recently noted that 66 percent of the Android devices using its software have hardware specifications comparable to (or worse than) an iPhone 4 from 2011.
Even users of Google's own Nexus-branded products are likely to not get updates after only a year and a half. For example, Google never made last year's KitKat available to users of its Samsung-built Galaxy Nexus (a phone released alongside iPhone 4S in late 2011).
Android 5.0 Lollipop hard to find, full of bugs
Currently, even users of Google's Nexus 7 tablet (currently still on sale) report that they still haven't received an update for Android 5.0 Lollipop, despite the device being prominently depicted by Google as being able to run the new software when it was first introduced last summer.Commenting on the Forbes article "Why is Nobody using Android 5.0 Lollipop?" reader Paul Armstrong wrote, "I called Google about my Nexus 7 2013 not receiving the OTA [over the air] update and I was told by the CSR that Google is still rolling out the 5.0 OTA update to Nexus devices.
"I was told the order was based on place of purchase and since I didn't purchase from Google directly I would have to wait longer. I was told they have no ETA on when the roll out would be complete and no estimate and when I might receive an OTA update. I then asked if there was any other method of getting 5.0 on my Nexus 7 and was told no. I was told my only option was to wait (isn't there a download update too???)
"So here's your two reason[s] why Android 5.0 has such a small market share: 1) Google is not rolling it out to their own devices; 2) Carriers have not yet (for the most part) rolled it out to the majority of customer devices."
Nexus users who have received Android 5.0 note that Google is suffering through significant software release bugs, just as Apple has with iOS 8. Reader "LazyHazy" wrote, "I've been using Android Lollipop since November when my Nexus 4 received the update, and have since had a 5.0.1 update.
"I agree with 'Joe pasta', however, that Lollipop is somewhat unfinished/unpolished and Google are ironing out the bugs before releasing it to the entire market. The Nexus users serve somewhat as 'crash test dummies' before everyone else receives the latest Android update; except Nexus 7 users, as Lollipop currently brings this device to its knees, hence why the OTA updates stopped.
"I didn't realise that us Nexus users make up less than 0.1% of the market; I'm feeling quite privileged now... despite the teething problems."
Android fan site GottaBeMobile noted that, although apparently limited to users of Nexus devices, the Android 5.0.1 update has users "complaining about the inability to connect to wireless at work, screen rotation issues on the Nexus 7, various issues with Wi-Fi after installing Android 5.0.1, Android 5.0.1 installation issues, problems with Google's 'OK Google' function, even more Wi-Fi problems, issues with sound after upgrading, Bluetooth issues, problems with the home button, and we've also heard that some people have seen the notification, only to see it disappear. This just scrapes the surface and as time goes on, we'll almost certainly see more complaints from Android 5.0.1 users."
Back in November, the BBC profiled Android 5 issues reported by Nexus early adopters, citing users who said the update made their devices "unusable," including Kristen Sawyer, who reported that "some apps won't work and some crash. I wish I didn't install the update."
Another stated "Chrome is dead, unusable, Firefox just about works, the keyboard takes over a minute to load, nearly works if you hunt and peck but dies if you try to swipe."
Android 5.0 Lollipop is so "shockingly bad it is basically unusable"
Nexus user Gary Looker said the Android 5 update is so "shockingly bad it is basically unusable, lags just rotating the screen, every task takes 10 seconds to perform if it does it [at all].
"I've turned off Google Now, changed transitions to zero and limited it to two background apps maximum like the good people here suggested. I shouldn't have to do that, and many people won't know where to turn or who to listen to."
Last September, Apple's new iPhone 6 users also experienced show stopping bugs with the flawed iOS 8.0.1 release. Apple fixed the problem the next day. Two months later, Google's Nexus users are still waiting for an Android 5 Lollipop fix.
Comments
No concern to Big G as long as Ads work flawlessly to pay their bills!!
As I always say, who the f*** gave google the idea to become developers?!! Oh, yeah ... that moron Eric Schmuck when he was a board member at Apple!
[COLOR=blue]Meanwhile Samsung just announced their version of the iPhone-killer with a zillion-core CPU and 1.21 jiga-watts of RAM... and that's just to run the OS.[/COLOR]
Utterly disgusting, and just goes to show how little of a **** Google actually gives about security for their users, and how much contempt they have for people who use their products. No, Apple isn't perfect, but you can tell they care, they put an effort, and they aren't purposely negligent with things like this.
Oh, and Lollipop is an absolute mess. I regretted updating my Nexus 5. I basically need to reboot twice a day now to stop apps from crashing left and right. And when I say apps, I mean the built in camera and SMS apps. All the animations, etc are also God-awful, and you can tell they were desperately trying to out-Apple Apple, with little regard to usability or functionality.
What irritates me most about these Fandroid fcukers is that if this were about Apple pulling a stunt like this, we'd be hearing their hissy-fits from the deep confines of their parent's basement about the "evil" corporation.
But no, not Google. Makes me wonder who's really grabbing their own ankles while waiting to get it.
Hypocrites. Google and Fandroids should be ashamed of themselves for accepting (and defending) such horrible and despicable business practices. Who's the lemming now?
Freetards.
But..but.. hey... it's "open"!!
So it is with Android's naming scheme. It's always seemed to me that the infantile use of sweets betrays the child-like mentality of Page. There's a real block there. In a sense, Google have never grown up, and I think it's their Achilles heel.
Having said that, four years ago, I would be in my ivory tower, sagely nodding my head to DED's tale of Android woes. Sadly, I feel that a lot of those woes are being replicated in iOS 8. As I was reading the list of bugs, I realised that I seemed to have read of the same ones and more on our side.
What does Apple need? It needs a Jony Ive for software. A genius who can elevate their reputation by a seismic amount.
Apple has grown up. It now needs to put its Achilles heel, its software, to rights.
Open like a cesspit ...
Sadly, I feel that a lot of those woes are being replicated in iOS 8. As I was reading the list of bugs, I realised that I seemed to have read of the same ones and more on our side.
Comparing iOS8 to that botched Android project is a joke to say the least.
At least I can trust Apple to continue to support my x-year-old iPhone and fix software issues in a ways Google could only wish for. Apple is not perfect, but at least it's better than the competition.
Google can't even get their current OS out in the hands of real people. That's sad. Even worse, NEW phones have an old OS and may most likely not be able to get the new OS if/when it comes out. That's shameful.
iOS8 may have it's issues, especially when it first came out but it's been pretty good since that hiccup. Try developing an OS system that will run on literally hundreds of millions of mobile devices and let us know how you're doing. It's hard stuff. At least Apple doesn't throw in the towel like Google does.
edit: Ooops... accidentally copied entire article. Sowwy!
Meanwhile Samsung just announced their version of the iPhone-killer with a zillion-core CPU and 1.21 jiga-watts of RAM... and that's just to run the OS.
I wonder how much flash storage will be available after you install it...is a negative number possible???
@sflocal - Thanks for copying in the whole article - I was thinking about rereading it anyway!
"Android WebView is has an abysmal security record, which is significant because it is used throughout the system. One of its major flaws it that it incorporated"
Hey Kasper's Slave, better correct your typos, or else the Fandroids will site them proof that everything you've said is completely false.
But it's open! (sarcasm)
Apple tends to keep limited support for older devices longer than other brands. One thing that contributes to that is that their hardware lasts a lot longer. I recently gave a friend my old iP4 running iOS 8. She was so excited about it because her old Samsung wouldn't hold a charge. She immediately went out and bought a bunch of cases and accessories for her "new" iPhone. She is only 21 but very excited about her new phone and she always thanks me over and over for giving it to her. Plenty of reward for me. Much more than selling it.
Come on, Google fans, where is the angry defense of Android?
Come on, Google fans, where is the angry defense of Android?
Whatever you do don’t ask a Fandroid about why they aren’t running Lollipop on their phones. They get very upset and testy and defensive. They start spouting about how Android rules the world and iOS sucks. If you keep pressing them about Lollipop you risk the cornered rat response.
And what will they say about *your* typo's?
("cite" vs "site")
I am still waiting for the release of System 7.7 for my LC II.