Carriers and manufacturers are taking Android security updates seriously
Google continues to go after security bugs and potentially harmful apps that are circulating around Android. The Google Security Blog decided that mid-March would be a great time to look back at the team’s work in 2016.
Indeed, backdoor installations have come down about 30 percent since 2015, trojan installations and hostile downloaders have been cut by at least half, and phishing apps are down by 73 percent. That said, even though installations are off, the number of infected devices have come up from 0.5 percent of all devices at the end of 2015 to 0.71 percent.
Of course, while active combat continues against the threats out there, it’s the open holes in Android still need addressing. The Stagefright vulnerabilities were a catalyst for Google to start a campaign to pressure manufacturers to pass along security updates more frequently. That hasn’t worked.
But what has worked was a listening tour of sorts where the company learned that a lot of tennis had to happen between manufacturers and the carriers they work with. Specifically, carriers were still treating them as if they were burdensome, feature-laden software packages that needed to go through the same communication channels between Google and the manufacturers.
TechCrunch has learned that Google has been able to cut down implementation times from six to nine weeks down to just days with its negotiation. Half of the top 50 devices across the world were patched in the fourth quarter.
“In North America, just over 78 percent of flagship devices were current with the security update at the end of 2016,” said Adrian Ludwig, Android security lead. “It’s a good number in terms of the progress that it represents. We think we can do better.”
Google is looking to expedite things by lightening up on update sizes and having them forwarded to users without approval. Drive partitions on newer Android devices will allow updates to load in on an unused drive and actuate when a user reboots.