Nervous Android users concerned about whether their phone is vulnerable to the “Stagefright” security bug and other vulnerabilities can rest a little easier after Google's announcement that it will issue monthly updates to protect devices from hackers. It's a major step forward for Android owners as the security of the Google operating system has, fairly or not, come under heavy scrutiny lately.
Last month researchers at the cybersecurity company Zimperium determined it would be possible for hackers to infect millions of users' phones by sending them a text message that includes a video containing a string of malicious software code. Hackers could then use the malware, described as the worst Android “bug ever discovered,” to sweep up any personal information on the target's phone.
In response, Google, Samsung and LG this week all announced they will roll out monthly security updates that aim to not only fix Stagefright but also prove that cybersecurity is just as much of a priority for Android as it is for Apple's iOS.
Unlike Apple iOS, Android is not in control of its entire ecosystem. Apple typically issues a big iOS update every fall and multiple, smaller updates throughout the year, updating security for its entire user base in one fell swoop. Google doesn't have that luxury and, with so many different vendors and carriers relying on Android, there are bound to be more security gaps.
“There are so many different players involved: Google does some code and pushes that out to their vendors, the vendors then modify that and send the code out to carriers, which modify it again,” said Andrew Blaich, lead security analyst at Bluebox, a mobile security company that helps enterprises fortify mobile applications. “Whereas iOS is more of a controlled ecosystem. A lot of it is how quickly they can react to security flaws.”
It's rare for more than 20 percent of the apps available on the Android dashboard to be updated to the latest software, Blaich added. Compare that to the roughly 70 percent that are expected to update automatically when Apple issues the next iOS later this year. This is absolutley a big thing for them,” Blaich said of the new Android policy. “It's an amazing step forward to say we're going to issue out patches for things in 30 days.”