OEMs still the Achilles heel of Android security, say boffins

Good, but not good enough: that's the verdict of a bunch of researchers who checked out the security model that Google's applied to Android since the Lollipop 5.0 release. In this Arxiv paper, Elena Reshetova and her collaborators from Finland's Aalto University (with support from Intel) look over the post-Lollipop era, in …

  1. Anonymous Coward

    Their own fault really

    The more you customise and move away from trunk, the more work you have to do. So when OEMs (and networks) pile on their own "added value", they make more work for themselves and start to bleat that upgrades are too much effort.

    Well here's a startling concept. Sell phones with vanilla Android and let Google take the strain.

    This is why iPhone remains superior. One OS, one variation, one set of updates. Not the dog's dinner of semi-usable effluent you find in the Android arena.

    Windows Phone? Doesn't really matter, no sane person would use a MS phone.

    1. Anonymous Coward

      Re: Their own fault really

      "Windows Phone? Doesn't really matter, no sane person would use a MS phone."

      Why?

  2. Anonymous Coward

    "..., say boffins"

    It didn't really need Boffins to be called in to determine this, surely? They shouldn't be diverted from doing interesting boffiny stuff to state what the rest of us already know.

    1. A Non e-mouse Silver badge

      Re: "..., say boffins"

      To be fair, what we think we already know isn't always true. That's why we need boffins to go and thoroughly test theories to see if they're correct or a load of homeopathic crystals.

      Remember when "everyone knew" that the Sun went around the Earth....

      1. Anonymous Coward

        Re: "..., say boffins"

        True, but perhaps in this case it might have been appropriate to put some apprentice boffins on it, to cut their teeth.

    2. Roland6 Silver badge

      Re: "..., say boffins"

      "It didn't really need Boffins to be called in to determine this, surely?"

      Yes and No!

      I think people (i.e. application development businesses) tend to pay more attention to 'boffins'.

      Also going back to a previous comment:

      "This is why iPhone remains superior. One OS, one variation, one set of updates. Not the dogs-dinner of semi usable effluent you find in the Android arena."

      In some ways yes, the iPhone is 'superior'; however, the Google approach has enabled a lot of rapid innovation, some of which Apple has used in iOS and the iPhone... However, just like desktop OSes, it is helpful to review things and consolidate the experience. I therefore look at this report as being part of this learning, so don't be surprised if Google tightens the rules...

  3. A Non e-mouse Silver badge
    Holmes

    Security is difficult. To do security correctly requires time and skilled people - both of which cost money.

    In a cut-throat market where margins are thin and market lifetime is short, it's no surprise that vendors are cutting corners to get product out the door before it becomes obsolete.

    1. Anonymous Coward

      That doesn't make it the right thing to do

  4. Stuart 22 Silver badge

    Security is reassuringly expensive

    I've just replaced my Nexus 4 with a Nexus 5x. I totally agree with the critics on HotUKDeals and elsewhere who tell me I could get the same hardware functionality or better for £100 less.

    That's what I willingly pay for probably the least worst security risk. It's worth £100 to be able to run a phone for 2/3 years and know it's probably more secure than anything from the other Android vendors.

    The old Nexus 4 is still receiving updates (got a new one last week) which, I think, is well beyond Google's original commitment. Google just need more competition in this marketplace. Moto X Play and Wileyfox Cyanogen are welcome entrants but both still have a few questions to answer.

    1. Anonymous Coward
      Meh

      Re: Security is reassuringly expensive

      "The old Nexus 4 is still receiving updates (got a new one last week) which, I think, is well beyond Google's original commitment."

      I'm impressed. People bitch that XP "only" got it for a decade, yet a phone is not expected to be patched for more than a couple of years.

      1. Stuart 22 Silver badge

        Re: Security is reassuringly expensive

        "I'm impressed. People bitch that XP "only" got it for a decade, yet a phone is not expected to be patched for more than a couple of years."

        Spot on. If and when 4/5X support ends I can probably stretch life even further by putting on the latest Cyanogenmod. Whereas most of the cheap Chinese/carrier branded models' safe secure shelf life may already have gone by the time you get it. Good for landfill if you want security.

        The true cost is initial cost/years in use. I foresee with the maturity in the market the hardware is good for longer and longer - just like the PC market where 2 years was once the norm but it is 4/5 years now ime.

        Trouble is the carriers' monthly contract obscures the real cost reality. Something car manufacturers are trying to replicate? Where once they would splash £9,995 sales price it's now £99/month for some obscure complicated agreement.

    2. thomas k

      Re: Security is not necessarily expensive

      I just replaced my LG Tribute (paid $50) running KitKat 4.4.2 with a Tribute 2 running Lollipop 5.1.1 (paid $70). LG did provide an update to fix Stagefright. And in 6 months the next Tribute should be out.

  5. Anonymous Coward

    Windows Experience

    My expectations for security were pretty low thanks to M$, but other than Google's lack of privacy they are a huge improvement.

    I've had plenty of malware incidents to deal with on my family's machines (Windows), but when they all went to using tablets this all stopped.

    Anyone out there come across any tablet malware in the wild?

  6. annodomini2
    Coffee/keyboard

    Update model is fundamentally flawed as well...

    As the majority of these patches are coming from the core OS, the fact that they require the whole system to be updated indicates that the update system in Android (probably others as well) is fundamentally flawed.

  7. Anonymous Coward

    And this is news?

    Really?

    How many more articles do we need, stating pretty much the same?

    Or is this Google trying to slowly disenfranchise the OEMs? You never know with them.

Biting the hand that feeds IT © 1998–2021