Quentyn Taylor's Blog

About Quentyn

 

As Head of Security for a large electronics manufacturer based in London (though the contents of this blog do not necessarily represent those of my employer), I have built my team up from first principles and now cover the information security needs of the company's entire Europe, Middle East and Africa (EMEA) operation.

Not only have I created one of the most diverse and respected teams in IT, striving to drive down the number of incidents as well as costs, but I have also led the creation of an ICT academy providing structured training plans for over 350 staff based all around EMEA. I am a people manager who believes that everyone has the right to contribute and that every person in the team counts, something that is especially true when it comes to risk management and security education, my two main passions.

Follow me on Twitter: @quentynblog

Read my blog: http://www.quentyn.com


Who owns the mobile update issue?

The mobile phone update issue is one that has been bugging me for a while, and whilst I am a great fan of Android (I have owned 3 of them), it does have an Achilles heel compared to monoculture phone OSes such as iOS from Apple.

Not since the early '90s, when Windows updates were just a dream, has there been such an issue. I know that history often repeats itself; however, the repetition that is occurring on the Android platform with respect to the pitiful state of OS updates needs to be discussed and brought out into the open. If you go to your local mobile phone shop and have a look at the Android phones on offer, you might be shocked to see that many of them, far from being on the latest version of Android, are on truly ancient versions. A brief look around even turned up some that are on Android 1.6, which was released in 2009, some 3 years ago. Please remember that phone OSes, unlike desktop OSes, do not generally have backported patches, i.e. it is not the same as comparing Windows Vista to Windows 7. In the case of the Microsoft OSes, both can be patched to the latest version despite one being far, far older than the other, i.e. both can be perfectly safe (or as safe as Microsoft OSes can be). On the current generation of smartphones, to patch one replaces the whole OS with the new version.

The issue of a lack of security patches vs. whole OS releases can be handled; for example, Apple, due to their monoculture and Darth Vader-like grip on the phone hardware, manage it quite well. When they release an update, all iPhones they have decreed as supported can download it. With Android this is not the case: one must wait for both the handset manufacturer and the carrier (assuming a carrier-locked phone) to accept the OS as suitable for their handset and network respectively. A comparison of the process looks like this:



Note those decision boxes on the Android side? Well, at each point either the mobile phone operator or the handset manufacturer could decide to stop backporting / customising, and unless one has the wherewithal to flash a default OS (like the superb CyanogenMod) onto their phone, they are now stuck with a non-updating phone.

In the past this was not an issue; phones were used for making calls or sending SMSes. Now, with the rise of smartphones, your phone is just a computer like your laptop or desktop. Would you run, for example, a PC that hasn't been patched for the last 3 years connected to the Internet? Would you put sensitive login details on that PC? Would you use that PC for online banking?

I thought not..

However, phone manufacturers have been getting away with this for the last few years because, apart from your address book or logins to Facebook / Twitter etc., there wasn't a lot of sensitive data on there, so the criminals (by and large) stayed away. With the meteoric rise in banking and other sensitive data now on your smartphone, how long do you think that this is going to go on for?



Posted 01-17-2012 11:49 AM by QuentynTaylor