Google have decided to stop providing security updates for older Android Operating System devices, which could account for 60% of users, over a billion mobile phone and tablet users. There was no official announcement to notify all the users affected and suggest a way forward.
A smart phone operating system (OS) is essentially the software that provides the “brains” for a device that makes the phone “smart”. Like a book without content, a mobile phone without an operating system is not much use.
Android phones and tablets have grown exponentially in popularity since 2009 when android only had 4% of the market. Since 2014, it has become the dominant player with over 84% market share when comparing the main six competitors on the market. This is at the time when smart phone penetration is reaching new levels with 70% of population predicted to have access to a mobile device by 2017. This is one of the reasons that mobile application development is increasingly taught at universities on courses such as our Business Information Technology course.
Android is an open source operating system and is developed on the “open innovation” business model where interested developers and others have access to the code and are able to integrate and develop their devices to be compatible with Android. Unlike other open source projects, Google leads with Android. By making the Android source code available, Google increases the ownership of this operating system and its extensibility.
This business model is contrary to the competing operating systems providers such as Apple’s iOS and Microsoft’s Windows Phone OS. These competitors lock down their OS code and don’t offer as much flexibility as Google for developers.
Android has come on leaps and bounds over the years and given birth to millions of low cost devices that almost anyone can afford.
Global Android version distribution since December 2009 (CC) by Erikrespo
Previously, users did not have to worry much about the confectionery-based naming of their Android operating systems whether it was Cupcake, Eclair, Gingerbread or Jelly bean, most users were happy to just use their devices assuming that updates they installed kept them safe. But now, users have to think and find out what their operating system is.
Google has stated that it is no longer supporting WebView, which is a crucial aspect of Android phones prior to version 4.4 or practically, the latest version – Kit-Kat.
You can check your version of Android under your settings to see if you may be affected.
Go to Settings > About Device > and you should see something like this:
In this case we can see in the image, Android version 4.1.2 – one of the 930 millions unlucky customers who are no longer going to get support from Google.
Google made no official announcements, but simply stated that they will no longer support older operating systems and the responsibility lies with those who find the vulnerability to fix it. This is where the open source business model chosen by Android OS is making a difference. Similar decisions would be less likely, if not impossible in the case of Apple OS and Microsoft’s Windows OS.
It may get to the point where certain handsets running the same version of Android are vulnerable and others are not. This situation may also have legal ramifications.
First of all check which version of Android OS you are using – see the steps above. If your version is 4.4 or above you don’t need to do anything else. Google is still offering support to its two latest version numbers – KitKat and Lollipop.
Android security (CC) image by Uncalno Tekno
However, as we see from the delay of the Lollipop release, it is plagued by security issues and making sure that your OS is updated is good practice for any version – make sure you have the latest version by pressing on the “software update” option.
Dependent on your phone, it might allows you to download and upgrade to the latest KitKat version 4.4, so the answer is, you would need to speak to your mobile phone provider unless you are keen to experiment with your phone and have some technical knowledge on how to establish if your phone is able to be updated and upgrade it yourself.
Security on any device is crucial and keeping up to date with latest versions and patching older versions is an important part of keeping a device safe. We are now living in a world where mobile phones are used for sensitive activities such as mobile banking and online shopping. Having security breaches on mobile phones is a major issue. If you are unable to upgrade to the latest operating system perhaps don’t use your phone for those sensitive activities and just research and make a purchase on another more secure device.
This move by Google makes phones even less than a year old potentially vulnerable if older versions are not patched. So, what can we do? Buy a new phone? Move to IPhone? Apple devices are considered by some to be more secure, because of the tightly controlled ecosystem that they operate. However, there are others who claim that even iOS is not immune to security threats.
Android vs Apple OS (CC) by Jesús Belzunce Gómez
Part of Android’s appeal is the fact that it is cheap and cheerful, but with this comes a greater threat to devices in the shape of rogue apps, viruses, hacking and more. With the right safeguards however, Android can still be a safe bet. Making sure you update your phone and use safe, tested, up to date apps and operating systems where possible and using a mobile security app like Norton or the free Avast mobile security.
So, are Google setting up more than half of their audience for a fall?
In practise, this move may not have a huge impact for the vast majority of users. It may encourage providers to be more pro-active in updates and ultimately increase the amount of people running a newer version of Android. Encouraging more people to use the latest versions is a key factor for security and has been Google’s approach to software either through cloud servers or automatic updates.
Ultimately the key message is that we need to think about a mobile device as a computer not just a phone. A re-think about security software use, updates and precautions with viruses have to be taken as on any other computer.
Zain Javed, Head of Penetration Testing Services from Xyone Cyber Security said
Companies like Google should be encouraging people more to update to the latest versions and this in some way is a forceful tactic but it’s one that is required. Even if Google continued to provide patches it is still not guaranteed how long a user has to wait before the manufacturer and the network operators make the decision to roll them out.
In many ways, this could be tough love from Google that might ultimately improve security and the end user by getting more people to upgrade. What do you think? Should Google be doing more? Is it up to the end user or device provider to make sure Android is up to date and patched? Have you been affected by security problems on your device?