Apple and BlackBerry have a long established history of providing regular performance and security updates to their end users. Google developers of Android on the other hand are unable to deliver the updates to the carriers or mobile device manufacturers on a regular basis.
My friends at North Carolina State University alerted Google last October about an Android Jelly Bean 4.2 security flaw involving a scammer sending a fake text message to Android devices – called smishing – which could leave Android users open to potential fraud. Google replied within days, but outside of those running ‘vanilla’* Android 4.2, smartphone makers and wireless carriers are yet to have distributed the update.
*Vanilla Android means the original Google build without any customisations. An example of a customisation is the Samsung Galaxy S3 which uses a TouchWiz UI.
The Android platform has too many versions currently which makes updating Android devices very challenging and costly for the carriers in particular. The carriers have more financial incentive to encourage users to upgrade their mobiles mid-contract than to upgrade an existing legacy Android device. Another known problem is carrier testing whereby they have to test each update before releasing to their respective network – this can take months. It is this window that Android malware authors will look to exploit.
Part of the bigger problem of updates is to do with version fragmentation. Fragmentation in this context means eight (Honeycomb tablet specific version included) Android versions to support (see source below) over several handset manufacturers in several countries! How do you support all these versions, carriers and models? Apple does not have this problem with iOS and neither does BlackBerry (the latter because of its historically close relationship with the carriers and it’s use of Network Operator Centers).
One reason why we haven’t seen this Jelly Bean 4.2 update is to do with the limited number of Jelly Bean 4.2 users – Google’s latest Android version. In fact, only 1.4% of the 500 million Android devices worldwide are currently using Jelly Bean 4.2. (See source below).
Safe surfing folks!