Silicon Shecky

Infosec Practitioner

Connect

Androids Biggest Weakness

By Leave a Comment

I have an Android phone, and I enjoy it. I don’t care for the iPhone. That being said, Apple has one huge advantage over Android.

The Android Smartphones are popular. The work well (for the most part), and are reliable (again for the most part). The open development community for apps has produced some great free applications, that you would have to pay for on iOS. There is a drawback to Android though, and it is something that by all rights should be more of a strength.

When you look into the world and history of Operating Systems, you see a bloody trail over security. Which OS is more secure, which one addresses security problems the fastest, etc. The Open Source community has always claimed that because more people can look at the code, patches can come out faster, and in the Desktop arena this definitely seems to be true. In the world of Smart Phones though, this “advantage” is lost.

The problem is not directly Android or Google, or the Open Source community. The problem is in Manufacturers, and even more so on the carriers. There is a process for patches and updates. Google writes an update, tests, sends to the manufacturer who tests, approves and then sends to the carrier. Android is so customizable, and on so many different manufacturer’s phones that this process has to happen for each model, each customized OS, and each carrier.

Now we are getting into a situation with this long protracted system of updates. Holes being found in the systems are there for months, possibly years before a patch gets pushed out. In this age of phone upgrades every 18 months, of more mobile applications for smart phones, more people banking and shopping off smart phones, and the upcoming Near Field Communications, updates for security need to happen a lot faster. The risk of more and more identity theft is growing, and the slowness of the pipeline is maddening.

Now add on that every manufacturer has been customizing the Android OS to try and differentiate itself from the others. How many more security issues can this raise. How many of the mods are creating security holes (we won’t go into other issues these mods cause)?

Yes, Apple has to go through the same sort of pipeline, but Apple has only piece of hardware (with different chips for GSM or CDMA) and just the carriers to deal with. Its a much shorter pipeline, and Apple can cut a carrier off from future iPhone releases if it wants to. Android needs to come up with something similar soon, especially with all the malware that has been coming out for the platform already.