Google has made a bold statement that its current Android offerings are as safe as other mobile operating systems.
Without mentioning names, it has placed shot over Apple’s bow that iOS is the new target for cybercriminals.
Of course, Google is referring to Android 8.x Oreo and not earlier versions. Fragmentation – the continued use of old versions of the OS is its greatest shortcoming.
There are more than two billion devices in the wild. About half of these (smartphones, tablets, set-top-boxes, etc.) are running versions 2-4. They will never be upgraded because their makers are under no obligation to do so.
The rest are running 5.x Lollipop (25.1%) 6.x Marshmallow (28.6%), 7.x Nougat (26.3%), or later and the majority are yet to install the latest security updates.
What can Google do?
Frankly nothing can be done for the older versions – these remain a security hazard. Probably little for 5.x/6.x users, and a little more for 7.x users.
It has tried the big stick approach demanding makers process operating system (OS) version and security updates, but that has not worked.
It has attacked the issue from the other end, and from August 2018 many new API (application programming interfaces) may not work on earlier versions. From November 2018 all apps will require a 64-bit version as well as an older 32-bit one. And from November 2019 new apps and updates must use the latest APIs to get into Google Play.
It has also had serious discussions with smartphone makers, but there is no way Samsung, the world’s largest Android maker, will abandon its TouchWiz/Grace UI and Galaxy apps ecosystem. For starters its UI and apps paper over the cracks in the Pure Android experience. Similarly, one of China’s largest makers OPPO will not change from its Colour OS as that is what its market wants.
Having used Pure Android the best I can say is that I could learn to live with it but coming back to Samsung’s Grace OS is like going home.
It has also had discussions with Telco carriers that often heavily customise Android to lock it to their services. Carriers don’t release OS upgrades until fully tested – a.k.a. Modified – for their networks.
So, Android 7.x is a little safer, and 8.x is safe?
No OS is safe while cybercriminals continue to make so much money from mobile and desktop devices.
For example, CVE details 1371 vulnerabilities for Apple’s iOS – 548 of these discovered in the past two years. It is far easier to update iOS on a handful of Apple’s own products. Already 65% are using iOS 11.x, but the remaining 35% are a big security risk. iOS 10 is still on 28% of devices, and the rest are on earlier versions because the device cannot handle iOS 11.x.