Old Androids Never Die, They Just Become Bots

Category: Mobile , Security

Is there a horrible, terrible security vulnerability lurking in your Android-powered mobile gadget? Are evil Russian hackers controlling Richard Engel's smartphone at this very moment? Read on...

Android Security Problems?

Another overwrought “security vulnerability” story rippled the news cycle recently. As DigitalTrends put it: “Researchers at IBM have published a report detailing a serious vulnerability in the KeyStore that affects 86 percent of Android devices.”

Only that isn’t true. It’s really just 10 percent of Android devices that are vulnerable; specifically, devices running Android v4.3 (Jelly Bean). But DigitalTrends, like a lot of other tech FUD/news sites, hasn’t corrected that error as of this writing.

Furthermore, “serious vulnerability” is a serious misstatement. The bug is a buffer-overflow vulnerability which a hacker can exploit to gain administrator-level control over a device, but only if the hacker can get through all of the anti-tampering safeguards built into Android. It’s about as serious as leaving a door open in the basement of Fort Knox.
Android Security Problems

That said, this tempest in a teapot highlights a different problem with Android, which pundits refer to as "Android fragmentation." In a nutshell, it means there are too many versions, and not enough support.

Google fixed this bug only in the latest v4.4 (KitKat), leaving all earlier versions unpatched. (Of course, only v4.3 needs patching; versions prior to that don’t have this vulnerability.)

A related symptom of the “too many versions” problem is Google Wear, the company’s latest OS for wearable devices such as smartwatches, health monitors, etc. Apps that work with Wear will not run on any Android version lower than 4.3, leaving about 75 percent of active Android devices to Wear nothing. Naked Androids? Run for the hills!

Why Can't I Upgrade?

Why are there so many obsolete versions of Android still in use? Why don’t those users upgrade their operating systems, as I’ve constantly exhorted desktop OS users to do? Well, for once users can’t be blamed; most Android devices cannot be upgraded to the latest OS version by users alone.

Why did I mock NBC reporter Richard Engel in the opening paragraph of this article? See my article Lies, Damned Lies, and Olympic Journalism for that story.

You can’t just go to the Android website and download the latest version to install on your device. That’s because the pristine Android OS won’t do what your Android device is designed to do. The Android running on your phone or tablet has been heavily customized by the device maker to take full advantage of the particular hardware platform that the manufacturer has designed. You have to get that customized device-specific Android software from the device maker.

So why don’t manufacturers make their custom versions of Android available to customers as soon as a new version of “original” Android is released? Because that new version would have to be customized again, and that is a herculean, expensive, lengthy undertaking. By the time a customized Android upgrade was ready, the hardware that consumers expect would be radically different and the upgrade would not enable all of the hardware’s new features, if the upgrade ran at all.

Carriers like Verizon, AT&T, T-mobile, and Sprint contribute to the obsolete OS problem by binding customers to two-year contracts and lengthy phone-upgrade eligibility periods. Few customers are going to take the financial hit of ditching a months-old phone just to get the latest hardware and operating system version. We’re seeing some erosion of this barrier to upgrading, but it’s still pretty high.

I will say that Verizon has been pretty good about providing Android upgrades, at least for the popular Samsung Galaxy models that I've had in the past couple years. My Galaxy S4 received the KitKat (v4.4) upgrade back in May. If you have a less popular or low-end Android device, you've probably not seen an Android OS update since you got your phone or tablet.

But is not having the latest version of Android a real problem or a psychological one? Your lawn mower probably isn’t state-of-the-art. Does that cause you any angst? Do you expect the maker to send you an upgrade kit every time a new model comes out? Most people are perfectly happy if a lawn mower just cuts the grass quickly enough with a tolerable amount of effort.

“But... but... SECURITY VULNERABILTIES!” As I explained above, very few hysterically reported security holes matter at all. Those that do matter get patched in older versions of operating systems. Those that don’t matter are simply closed in the next full release.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 11 Jul 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Pandemiya: The New Trojan Horse

The Top Twenty
Next Article:
The Truth About Community Standards on Facebook

Most recent comments on "Old Androids Never Die, They Just Become Bots"

Posted by:

john
11 Jul 2014

It is frustrating that newer apps won't run on older OSs. I have a Gingerbread OS, and there are increasingly more apps that are incompatible with my phone.

I feel old devices are not upgraded for two reasons:

1) Manufactures want you to buy a new device
2) The newer OSs require more resources. Older devices may become laggy with a newer OS.


Posted by:

glennhkc
11 Jul 2014

If you buy a Nexus phone (I have the Nexus 5) you'll always have the latest version of Android and on the day it's released. Go with a MVNP like Ting and unless you're a power user (teenager) you'll have the lowest smartphone bill of anyone you know. I prefer to spend my money on a really great phone - not for my monthly service. My Ting bill was less than $20 last month.


Posted by:

Brian S.
11 Jul 2014

Good article, Bob. I was wondering if you know of any gurus that specialize in Android and have a website that is structured similar the one you have that can explain the different versions of the OS and what apps are the best for your phone or tablet and which ones to stay away from.


Posted by:

Gareth Alexander
11 Jul 2014

Hi Bob - Read your article about "Old Androids Never Die, They Just Become Bots".

I've got an old Motorola XOOM (the original one)it’s got Android Ver 4.0.4 on it and it still behaves itself very well, no problems with installing even the most update software (Games mainly), only ever had two/three system crashes which took 10 minutes to sort out and get back up and running again.

I've looked at other Tablets, but as long as my MOOTOROLA XOOM keeps on working well, I have no real incentive to upgrade.

I did however get a descent BLUETOOTH speaker system to improve the audio on the XOOM, as I didn’t like the audio quality of the rear facing speakers; the new BLUETOOTH speakers have given it a new lease of life.


Posted by:

Gail
11 Jul 2014

Thank you, AGAIN!


Posted by:

Joe M
11 Jul 2014

Comparing a phone to a lawn mower???

What is more frustrating is the BYOD policies that allow you to take a AT&T phone over to Tmobile, but not have all the functionality (eg MMS) work.


Posted by:

Bernard Gallivan
11 Jul 2014

I tend to use old technology - I've only just got rid of XP - but it was only when I inherited my wife's old IPhone - she has the new technology - that I discovered its limitations. Every single new App I have tried to load, regardless of complexity, fails because it is not supported by my old version. I won't touch Apple ever again.


Posted by:

RandiO
12 Jul 2014

I may be somewhat prejudiced but it seems like the only company that has ever respected the concept of "legacy" (in both hw and sw) is Microsoft Windows. Not Linux and certainly not Apple. Although Android penetration is only a few years old; we are already seeing that fall out re: respect for legacy! ...relatively speaking, of course.


Posted by:

poppy fogarty
12 Jul 2014

Hi Bob, Your article on android updates was interesting. Do I now have to ditch my iPhone 4S as soon as this becomes obsolete. iPhones are expensive, and I only use mine for text and emails.
Worried mine will be hacked?
Thanks
Poppy


Posted by:

Mike H
12 Jul 2014

That is why I stick with my iPhone.


Posted by:

Brian R
13 Jul 2014

Great article Bob! It is important for people to understand the OS upgrade-ability of their phone or tablet. This should weigh-in very heavily when deciding to buy a smartphone. I think this is part of the reason Google is not impressed with how manufacturers are handling the Android OS on their phones. It is one of the reasons I originally went with the iPhone.


Posted by:

Dave
19 Jul 2014

There is such a thing as custom ROM's for Android.
Asus doesn't update it's tablets but that doesn't stop it's users from running KitKat 4.4.4.


Posted by:

Matt
20 Jul 2014

This is one of the many reasons that every Android phone I've owned has been rooted... so that I can control exactly what ROM gets installed and get rid of all that manufacturer and carrier bloatware. Also part of the reason my latest phone and any future phones I get will be a Nexus device. Straight from Google as they intended it to be. I am annoyed with manufactures like Samsung who still insist on putting physical buttons on their phones. Google stopped doing that two device releases ago!


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.
[an error occurred while processing this directive]


Article information: AskBobRankin -- Old Androids Never Die, They Just Become Bots (Posted: 11 Jul 2014)
Source: http://askbobrankin.com/old_androids_never_die_they_just_become_bots.html
Copyright © 2005 - Bob Rankin - All Rights Reserved