Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Android Security

Wireless Carriers Put On Notice About Providing Regular Android Security Updates 171

msm1267 writes "Activist Chris Soghoian, who in the past has targeted zero-day brokers with his work, has turned his attention toward wireless carriers and their reluctance to provide regular device updates to Android mobile devices. The lack of updates leaves millions of Android users sometimes upwards of two revs behind in not only feature updates, but patches for security vulnerabilities. 'With Android, the situation is worse than a joke, it’s a crisis,' said Soghoian, principal technologies and senior policy analyst with the American Civil Liberties Union. 'With Android, you get updates when the carrier and hardware manufacturers want them to go out. Usually, that’s not often because the hardware vendor has thin [profit] margins. Whenever Google updates Android, engineers have to modify it for each phone, chip, radio card that relies on the OS. Hardware vendors must make a unique version for each device and they have scarce resources. Engineers are usually focused on the current version, and devices that are coming out in the next year.'"
This discussion has been archived. No new comments can be posted.

Wireless Carriers Put On Notice About Providing Regular Android Security Updates

Comments Filter:
  • Re:Java (Score:5, Informative)

    by supersat ( 639745 ) on Monday February 04, 2013 @05:59PM (#42789947)

    No. Even if it did, it doesn't matter because Android does NOT rely on Java for isolation or security. Each application runs as a separate Linux user, and the kernel enforces isolation between apps this way.

    Because apps are isolated in this way, they can include native code.

  • Re:Unexpected? (Score:4, Informative)

    by Microlith ( 54737 ) on Monday February 04, 2013 @06:20PM (#42790301)


    The core problem with Android is a core problem with ARM, namely that all of the nice plug-and-play stuff that lets a single kernel, and thus an Ubuntu live CD, boot on many systems doesn't exist in ARM. So each handset has to have the kernel adapted to it. And since this adaptation has to be done for every kernel Google releases, the handset vendors get lazy particularly as the kernel moves on and leaves their older, out of tree drivers behind.

    This has little to nothing to do with regular Linux distros because compatibility across them is actually quite good and as of Jellybean there is nothing other than the kernel in Android that is used by other open source projects.

    That they fail to push security fixes, let alone new Android versions, is because they just don't give a fuck.

  • Re:Keep it Android! (Score:5, Informative)

    by AmiMoJo ( 196126 ) * <mojo@world3.nBLUEet minus berry> on Monday February 04, 2013 @06:30PM (#42790435) Homepage Journal

    The real problem is that customers in the US get completely and utterly screwed by the carriers. Really, you guys take it hard in the arse and pay though the nose for the privilege.

    In the UK you can get a phone on contract from a third party. You get the same contract deal as you would going directly to the carrier, although often for £5/month less. The phone is unlocked and unbranded, you get updates directly from the manufacturer and no pre-installed carrier crapware. There are some good deals on offer too, for example 3 do a really unlimited data plan. A friend of mine runs Android uTorrent on it.

    Regulation has delivered this for us. It is really easy to switch provider and take your number with you. Contract terms are heavily regulated to make sure they are fair and reasonable. It isn't perfect by a long way but it saves us from the rip-off hell that the US mobile market suffers from.

  • by bhagwad ( 1426855 ) on Monday February 04, 2013 @06:39PM (#42790547) Homepage

    Not everyone with a Windows PC has had their identities stolen and bank accounts empties. Oh any by the way, "security" is just a convenient excuse for censoring apps. Look at the big stories of Apple censorship - they have nothing to do with security and everything to do with Apple enforcing their own morals.

    Security my ass.

  • by tlhIngan ( 30335 ) <slashdot@w o r f . n et> on Monday February 04, 2013 @06:58PM (#42790827)

    Tell that to my Galaxy Nexus that's still running 4.1.1. So much for the idea that Nexus devices are on the cutting edge. They're abandoned as fast as any other phone.

    Only the Verizon Nexues are "abandoned". If you got the HSPA ones, you should be at 4.2.x already.

    If you're not, perhaps it's because you bought it from a carrier and have the default carrier firmware stuck to them with carrier firmware updates. In which case you need to go to Google, download the latest factory images and install them on your GNex. This will get updates as fast as Google pushes them out (the carrier ones actually have an update URL pointing somewhere else, while the Google ones point to Google).

    An interesting note - when I did this, battery life shot up dramatically. The carrier GNex firmware isn't all that great.

  • by trparky ( 846769 ) on Tuesday February 05, 2013 @12:32AM (#42793549) Homepage
    Actually, minor changes (like that) to your plan do not reset your wireless contract clock.

"Mach was the greatest intellectual fraud in the last ten years." "What about X?" "I said `intellectual'." ;login, 9/1990