[ET] Google throws nearly a billion Android users under the bus - refuses to patch

[VirtualLarry]

http://www.extremetech.com/mobile/1...der-the-bus-refuses-to-patch-os-vulnerability

This is obscene, IMHO. More and more of the world is depending on Android for their daily life / business. And Google refuses to patch vulns, in anything but the current version of Android?

Whatever happened to "do no evil", Google?

I'm not a fan of Apple, but I really hope that this comes around to bite Google.

A MS Phone seems like a better idea every day. MS has a good record on patching vulns, even on older versions of software.

Of course, Cell Phone Cos don't get off scott-free here either, as many of them never issue patches either.

 

[kyrax12]

Does this affect the Galaxy S4 gen of phones?

 

[isekii]

What they really need to do with force OEM's to release Google Stock Rom as an alternative for their devices.
Waiting for the wireless carriers to approve etc.. takes forever and you don't even get the updates in a timely manner.

Samsung/HTC/etc... all need to fix this.

 

[ControlD]

What they really need to do with force OEM's to release Google Stock Rom as an alternative for their devices.
Waiting for the wireless carriers to approve etc.. takes forever and you don't even get the updates in a timely manner.

Samsung/HTC/etc... all need to fix this.

Agreed. Having to wait for carrier+manufacturer specific releases is Android's biggest flaw in my opinion.

 

[kyrax12]

What they really need to do with force OEM's to release Google Stock Rom as an alternative for their devices.
Waiting for the wireless carriers to approve etc.. takes forever and you don't even get the updates in a timely manner.

Samsung/HTC/etc... all need to fix this.

This would be awesome! I hate touchwiz and I don't like to flash.

 

[poofyhairguy]

Sensational. Google has no way to update these devices. Even if they create the fix they have never been able to force updates to ASOP parts of Android. The OEM has to push the update, which won't happen for cheap or old devices.

Google has already fixed it the only way they can-in Chrome. That is why Chrome is the default now. Anyone that cares can install it for free from the Play Store. On devices with Chrome by default it updates automatically. The end.

There is the bigger problem that Google can't update Android, which is why they are doing Chrome OS and Android Wear differently.

 

[poofyhairguy]

Agreed. Having to wait for carrier+manufacturer specific releases is Android's biggest flaw in my opinion.

Then don't. Buy a Nexus. Google gives you the option to have what you want. You just can't get it AND a cell phone subsidy because part of that subsidy is to be able to feed you their crap ware.

Apple gets away without that because they work from a position of power. Microsoft won't do it either and you can barely buy a subsidized Windows phone on the biggest carrier. Google had to let Big Red shit all over Android to get in the door. Otherwise we would all be using WEB OS.

 

[lopri]

I do not understand. Android 4.4 or 5.0 is a "patch" to 4.2. They are not different OSes. Apple do not go back and republish new-old versions of iOS as far as I know.

 

[mmntech]

I do not understand. Android 4.4 or 5.0 is a "patch" to 4.2. They are not different OSes. Apple do not go back and republish new-old versions of iOS as far as I know.

They don't and never will. Apple moves boldly forward and throws users of 2+ year old hardware under the bus by slowing their device to molasses.

If you jailbreak, third party patches to major problems usually exist.

The fact that Google does have to go through device manufacturers to get their OS updated is problematic. It slows down updates to major security issues, if they get patched at all. There's got to be a better way to do it.

 

[isekii]

They don't and never will. Apple moves boldly forward and throws users of 2+ year old hardware under the bus by slowing their device to molasses.

If you jailbreak, third party patches to major problems usually exist.

The fact that Google does have to go through device manufacturers to get their OS updated is problematic. It slows down updates to major security issues, if they get patched at all. There's got to be a better way to do it.

Force OEMs to release Google Stock Rom for any for any devices older than 2 years. Carriers and oems can eat their subsidy for 2 years and let google handle the rest.

 

[MrSquished]

What they really need to do with force OEM's to release Google Stock Rom as an alternative for their devices.
Waiting for the wireless carriers to approve etc.. takes forever and you don't even get the updates in a timely manner.

Samsung/HTC/etc... all need to fix this.

agreed. if only the nexus 6 wasn't so big. but honestly, Google should make all carrier phones ship with stock android as an option. android is so big right now i don't see any company saying no to this rule. they'd be shooting themselves in the foot. makes no sense.

 

[poofyhairguy]

Force OEMs to release Google Stock Rom for any for any devices older than 2 years. Carriers and oems can eat their subsidy for 2 years and let google handle the rest.

They are doing that for Chrome OS and Wear OS but for Android that horse is kinda already out of the barn. With the existence of the AOSP version if Google tried to pull a move like that a lot of the emerging market would say F that and fork AOSP into some sort of semi-illegal mutant like we have in China's Xiaomi. Or Amazon would take their already done fork and go deeper in the market. Or Samsung (who prizes customization over everything) might make their own fork or shove Tizen everywhere. Etc.

Android is so big its its current state that it is hard to control. Kinda like Windows XP got with MS. But that flexibility gets them onto glasses, watches, into cars, etc. That is why they had to go with the hacky solution of delivering OS-level upgrades via Google Play services. That works fairly well so far, but it can't upgrade the AOSP parts up until Lollipop because they were system apps that came with the OS and not with the Play Services bundle. With Lollipop the Play Store has even more power and have the ability to control/uninstall unessential system apps like carrier bloatware. Problem is old devices can't be grandfathered in because they can't get the update. It is a Catch 22. The fix is in, and users will get it when they buy their next device in a year or so.

They are keeping a lid on wear and Chrome OS to prevent this problem from the start. Part of the reason they can though is because Chrome OS competes in a very old and competitive space, and Wear OS competes in a brand new one they created. Android had to go up against the juggernaut of iOS and it looks like it is going to win and be the Windows of mobile. The sacrifice for that is to lock down Android they would have to kill the AOSP version for leverage, which would cause an incredible backlash. And already some companies like Asus are starting to find ways to customize the Wear experience anyway through the ap side, so at some level Google just has to find a way to minimize damage.

The solution was Android Silver, I am pissed that apparently got scrapped. Consumers picking stock Android because they could might have created change with Lollipop. But the carriers are so stuck on having control that Android will have to slowly try to take back power or they risk giving MS one last window of opportunity in the space.

 

[Zaap]

You can always count on Google to yank the rug out from under Android users.

 

[postmortemIA]

Sensational. Google has no way to update these devices. Even if they create the fix they have never been able to force updates to ASOP parts of Android. The OEM has to push the update, which won't happen for cheap or old devices.

My thoughts on this "innocence of Google" or "their hands are tied"
1. Google could solve this problem by having large portions of android upgradeable through their play store
2. OEMs and cellular providers hate free updates, so they were adamant that their builds are independent from Google releases. That way, they control when and what is updated. It seems that Google was in weak negotiating position during early Android adoption, but that should be no longer the case. Apple with much smaller market share is doing just fine by upgrading devices on their own.

 

[poofyhairguy]

Google is doing 1. The problem in OP is corrected in the current version of Android.

As far as 2, phone makers always get to decide what to sell on their network. Even if a device works you won't get it in a Verizon store on a subsidy like most people buy them. The Nexus 6, which works perfectly on Verizon but is not sold by them, is a perfect example of why Google can't force the issue. If they can't make Verizon take ONE phone with Google's name and OS as is, how do they have the power to force all phones go that way? The answer is they don't.

Apple is the premium option. They have power that Google does not have across the board with developers and carriers. Verizon had to beg them for their phone. It is the opposite situation for them.

 

[lopri]

I do not think Android OEM's should unilaterally adopt Google-skinned Android. There are several reasons for this, but a big one in my mind is that it will only hasten the race to bottom phenomenon.

Look at the tablet market. Visit local hardware stores (heck, even some convenience stores) and you will see all those dirt cheap tablets that run stock-ish Android. When there is nothing else to differentiate, consumers will buy whatever is the cheapest. I have nothing against cheap hardware - to the contrary I enjoy them immensely - but the problem is that it squeezes mid-to-high range hardware out of the market because there will not be enough demand for companies to make ends with those.

If what happened in PC market in last decade is an indication, that means the market will be saturated with low-price, low-quality hardware along with select overpriced high-quality hardware from a handful of boutique vendors (e.g. Falcon Northwest, Alienware, iBuyPower, etc.) There will be no proportional gradation in quality and price. Keep in mind you cannot buy parts to build your own tablets like you do with PCs.

Take Xperia Z3 Tablet Compact, for example. Hardware-wise, that tablet is superior to iPad mini in almost every aspect. But it does not run iOS and it does not have killer software feature. And many people consider it too costly an option. Even those who often yearn for high-quality Android tablets will not put money where their mouths are in the face of low-cost, good-enough alternatives like the Nexus 7. If this situation continues, the middle will simply disappear, and the ultra-high end will follow shortly thereafter, leaving only low-end devices. Google cannot keep subsidizing good enough, low-cost hardware for the masses: See what happened with the Nexus 6 and the Nexus 9.

This is but one reason why I think OEMs should not stop innovating on software front. There are many other reasons why simply using Google-skinned Android is not desirable. We can discuss it further but I think there has to be some middle-ground where OEMs can innovate while keeping fragmentation to a minimum. (Edit: As poofyhairguy pointed out, Google already started the process by decoupling bundled software. It seems like a good policy and the OEMs should experiment with similar policies.)

 

[OBLAMA2009]

not a big deal imo, most people get a new phone every year anyway

 

[mrochester]

Google made the strategic decision to make Android open source which has allowed these things to happen. If that then comes and bites them on the ass, hard, then they've only got themselves to blame.

 

[notposting]

Re: carriers approving updates etc.

But Google won't even patch this. At all. And it is a hell of a lot easier to get a small security patch through that just makes a small fix rather than a whole new ROM changing everything.

 

[ControlD]

Then don't. Buy a Nexus. Google gives you the option to have what you want. You just can't get it AND a cell phone subsidy because part of that subsidy is to be able to feed you their crap ware.

I know, and if the Nexus phones weren't so underwhelming I would maybe consider it. Maybe. I get no real benefit from buying a phone outright so that's a big investment for my 2GB data plan.

For now I'll keep using a phone that also allows me what I want (Note 2) and hope something fits my needs down the road.

 

[ControlD]

2. OEMs and cellular providers hate free updates, so they were adamant that their builds are independent from Google releases. That way, they control when and what is updated. It seems that Google was in weak negotiating position during early Android adoption, but that should be no longer the case. Apple with much smaller market share is doing just fine by upgrading devices on their own.

But it isn't Google doing the negotiating in most of these cases is it? It is Samsung, LG, Motorola, etc. negotiating to get their phones sold through carrier stores. With the more open nature of Android I'm not sure how much control Google has over carrier / manufacturer updates. Perhaps if Google had gone the Apple route from the beginning and made themselves the sole hardware manufacturer things would be different, but that simply wasn't a practical consideration at the time.

 

[poofyhairguy]

Re: carriers approving updates etc.

But Google won't even patch this. At all. And it is a hell of a lot easier to get a small security patch through that just makes a small fix rather than a whole new ROM changing everything.

They did patch it. The patch is called Kitkat, but OEMs simply have no incentive to update. This isn't a Unix server, a security patch requires the same hoops a full ROM update must go through. For 60%+ of Android software updates were broken and they won't get the most basic patch. These devices are abandoned.

Google fixed it all in Lollipop. This is now all updated through play services.

 

[gorcorps]

http://www.extremetech.com/mobile/1...der-the-bus-refuses-to-patch-os-vulnerability

This is obscene, IMHO. More and more of the world is depending on Android for their daily life / business. And Google refuses to patch vulns, in anything but the current version of Android?

Whatever happened to "do no evil", Google?

I'm not a fan of Apple, but I really hope that this comes around to bite Google.

A MS Phone seems like a better idea every day. MS has a good record on patching vulns, even on older versions of software.

Of course, Cell Phone Cos don't get off scott-free here either, as many of them never issue patches either.

Are you serious? Are you freaking serious? You're expecting a company who can't even get phone devs and carriers to update to the latest and greatest version of Android to spend time and money developing a patch for old versions? That's the most ridiculous thing I've ever heard. The expectations that people have of these tech companies are bananas. If you're still on a 4.3 device then you can't expect the latest features... and top tier security is definitely a feature.

You want the best and most secure device? You have to have a phone that supports the best and most secure software. Seems pretty simple.

 

[sm625]

Most people willingly install at least half a dozen apps that grant permissions to all your photos, texts, contacts, and just about everything else. Android (and iOS) are so far beyond insecure that it really makes no difference if google patched this hole. What sense is there in patching a hole in a block of swiss cheese?

People vote with their dollars. And they have chosen the insecurity of Apple and Google vs something like a Blackberry.

 

[Ravynmagi]

In my opinion Google has already addressed this issue with Google Play Services (which can delivery security patches without carrier/manufacture updates) and separating many apps from the core OS (Chrome, YouTube, Maps, Music, etc).