Android fragmentation, security and real world expectations

Recently, some security ‘concerns’ within Android have caused widespread concern about the OS.

What really grinds my gears about this is that everybody seems to expect the highest marks on all fronts because they get shown all kinds of marketing images with great expectations (even the ones made by other brands, because hey, they can do it, so should the brand you own…).

As an avid programmer with a long-running interest in security, this is something that I still cannot get used to. We live in a world where it’s easier to just throw away stuff we are getting bored with, consider too old or just didn’t do any maintenance on. Not only is this incredibly wasteful and degenerative to the skills we should be acquiring, it also prompts the development of software (and also cars, appliances etc.) to be geared to this default.

When Google launched Android it was the great success that many of us had been waiting for: an open source system that runs on a phone, something most people believed impossible because of the closed system that was created in the years before. In the following years the ecosystem grew, giving us enormous diversity and possibilities.

  • There are thousands if not tens of thousands of developers making code submissions, apps, patches, hacks etc. to the OS itself
  • As of writing there are 1,600,000 “different” apps in the official Play store, even more on the internet
  • There are an innumerable amount of different devices (from the extreme high end to nearly feature phone capabilities)
  • Everybody wants everything to work with everything
    • They also expect it to be cheap
    • It must be fast, no matter how cheap the device
    • Every app is expected to run on every device

While it is a great thing that we have a global network that enables us to get the latest updates almost in real time for very low prices, we should expect our security to be treated the same way!

On the other hand I do think that Google (and “re-sellers”) could do a lot more on updating old devices and keeping the cluster down.
In reality the bigger profit margin always wins, never security, reliability or service.