So, here comes the latest version of Android – named in Google’s typically sweet-toothed fashion, Marshmallow.
Or rather, chances are that it won’t be coming to your Android smartphone. Chances are that you’re not even running Android Lollipop yet.
Because, the giant problem with securing Android devices is the how to keep the OS updated with the latest security patches and fixes. In many cases, updates simply are not made available to Android’s many millions of users.
Compared to rival iPhones and iPads, Android devices have a poor history for updates, with many users left in the lurch even when huge vulnerabilities like Stagefright (and even Stagefright 2.0!) come to light.
If you’re hoping that Android Marshmallow will fix this problem then you’re going to be disappointed, as Ars Technica explains in its detailed 12-page review:
Marshmallow solves lots of little problems but ignores the biggest one…
“Android is far, far behind the competition when it comes to device security. The only real solution we can see is a Windows Update-style system that can send centralized updates to every device. This would require architecting the way OEMs and carriers handle software, but something needs to change so that there’s a real update and security solution for every Android device and every Android user. If you’ve got a Nexus device, the Android security update speed is still slow thanks to the rollout system, but at least it exists. For everyone else, maybe there will be something for you in the next version.”
In fact, when Ars Technica sums up the good, the bad, and the ugly about Android Marshmallow… it’s clear that they find security Android’s achilles heel:
There is still no solution for getting Marshmallow out to the billion+ devices out there.
The problem is that carriers, smartphone manufacturers and Google all have to work in unison to get an update pushed out to users. And they just don’t seem to have enough incentive to pull together in the right direction. Users of Apple devices don’t have this problem, because there’s just one company – Apple – in charge.
Millions of Android users deserve better than this.
Further reading: Here’s what Google thinks of Android security, 2011-present.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.