Insecurity Looms for One Billion Android Users
Nearly a billion Android users are more vulnerable today then they were yesterday. Google has casually discontinued support for their WebView tool to Android users that haven’t yet upgraded to KitKat version 4.4. According to Google, nearly 60% of Android users will be left in the lurch when it comes to safety on their Android devices.
In lieu of support, Google will consider releasing patches that are discovered – and fixed – by the user community. This move by Google only adds to the growing conversation on exactly where Google stands on vulnerability assessment. Over the weekend, Google decided to release details of a Microsoft vulnerability that was scheduled to be patched just a few days later, bringing into question Google’s interest in the technology user community as a whole. So, Google is paying researchers to find vulnerabilities in competitive products, but doesn’t want to pay researchers to find and fix problems in it’s own operating system.
While we can speculate as to the reason for Google’s recent laissez faire security posture, the answer may be in the hardware sales. The discontinuation of support of pre-KitKat devices may mean that Android users will be forced to adopt Android’s poorly received Lollipop OS. This could require a hefty price tag, since so many devices haven’t been part of the rollout…yet.
In contrast to Google, Windows 8 was released in 2012 and will have extended support through 2023, and Ubuntu recently sunset v12 while offering extended support for five years. It comes down to lifecycle management and customer service. Frankly a 2-3 year support lifecycle is dangerous for consumers, app vendors and IT staff that support infrastructure that communicates with these devices.
Of course, having nearly a billion vulnerable devices roaming around the world isn’t just dangerous for device owners. These exposed and defenseless phones are connecting to networks as part of the growing Internet of Things. Recently, InfoWorld was so bold as to make the statement that “Android will power the IoT”. And perhaps that’s true, since the Android marketplace already boasts nearly a million applications in the GooglePlay store and developers are always willing to embrace open source for it’s flexibility and agility.
With non-linear growth expected over the next several years in the IoT, and multiple vendors vying to be the embedded operating system driving that growth long term support and security are paramount. Google will need a more friendly strategy to users and partners than leaving then in the dust every few years.