In July, a major bug was discovered in the software that could let hijackers access data on up to a billion phones. Manufacturers have been slow to roll out a fix because many variations of Android are widely used. One Android expert said it was “about time” phone makers issued security fixes more quickly.
Android has been working to patch a vulnerability, known as Stagefright, which could let hackers access a phone’s data simply by sending somebody a video message. Stagefright is a critical Android vulnerability. It allows hackers to get system or media privileges of your device when your device is processing an MMS, without need of any end-user action. To make matters worse, MMS can delete itself before you open it. With such potential, Stagefright can wreak havoc on carriers and enterprises using Android devices for business.
Adrian Ludwig, Android’s lead engineer for security, at hacking conference Black Hat said that:
My guess is that this is the single largest software update the world has ever seen.
LG, Samsung and Google have all said a number of their handsets will get the fix, with further updates every month. Android is an open source operating system, with the software freely available for phone manufacturers to modify and use on their handsets. The Google-led project does provide security fixes for the software, but phone manufacturers are responsible for sending the updates to their devices. Some phones running old versions of Android are no longer updated by the manufacturer. Many companies also deploy customized versions of Android which take time to rebuild with the security changes.
Jack Parsons, editor of Android Magazine said that:
The very nature of Android is that manufacturers add their own software on top, so there have been delays in software roll-outs, In the US it’s even worse because mobile carriers often add their own software too, adding another layer of bureaucracy holding up security fixes. There’s no real villain here, that’s just how the system works. But there will always be security concerns with software, so it’s right that some of the manufacturers are stepping up to deal with this now.
Apple and BlackBerry can patch security problems more quickly because they develop both the software and the hardware for their devices. BlackBerry’s software is reviewed by mobile networks before being sent to handsets, while Apple can push updates to its phones whenever it wants.