Slashdot Mirror
Google Scans 6B Apps, 400M Devices Each Day; Says 30% of Android Devices Don't Get Regular Patches (googleblog.com)
Reader Trailrunner7 writes: As part of the enhancements to Android security, Google scans more than 6 billion installed applications per day on users' devices. The company also scans more than 400 million devices each day, it announced on Tuesday. Google last year also began releasing monthly security updates for devices running modern versions of Android, which includes devices on version 4.4.4 (KitKat) and later. "70.8% of all active Android devices are on a version that we support with patches," the Android report says. However, that still leaves hundreds of millions of Android devices without regular updates. There were roughly 1.4 billion Android devices active in September, according to Google, so that would leave about 420 million Android devices without patches. In the Android ecosystem, carriers are also responsible for pushing security patches to users, so while Google pushes security updates each month, not all carriers and device manufacturers release them to all users regularly.In its report, Google also says that fewer than 0.15% of devices, that only get apps from Google Play, had potentially harmful apps installed on them.
How many of those supported versions actually receive patches, though?
Well, Google, you're in the best position to make that happen. Allow your update process to update stuff like the libraries which had the stagefright problem to get updated by yourselves and not require the manufacturers to do it, because you know better than we do how bad they are at it. And have a word with Samsung, who tell you they'll provide major updates to Android for 18 months and then simply refuse to to it.
Or is this just a ploy to get people to buy from your increasingly bad value for money Nexus range?
>> Google Says 30% of Android Devices Don't Get Regular Patches
>> In the Android ecosystem, carriers are also responsible for pushing security patches to users, so while Google pushes security updates each month, not all carriers and device manufacturers release them to all users regularly.
It sounds like the ball's in Google's court. "Want to be an 'Android' vendor? You agree to keep your devices updated with our security patches."
My Galaxy Nexus with Android 4.3 says 'hi' :)
A flagship device only a few years ago, it's not received patches or any form of updates for years now and is now too unsafe to even consider using as a smartphone any more.
Meanwhile the iPhone 4S I also use is up to date on the latest iOS with no sign of support being dropped just yet, despite this phone being of a similar age as the Galaxy Nexus.
The lesson I have learned out of owning a Google Android device is to never buy Android again. Apple and even Windows update their devices for as long as reasonably possible, while Android is a walking security risk, even on Nexus devices.
Site & blog: http://www.mayaposch.com
Are there any non-Nexus devices getting monthly security patches from Google?
If you're a phone or tablet manufacturer and want to preinstall Google Mobile Services (GMS; e.g., Google Play, GMail, Google Maps, etc...) on the device, your device has to pass testing and be certified in order to be licensed to distribute that software on the device. While Android is freely released, Google's software that adds a lot of value is licensed differently. Google has the power to require that any manufacturer wanting to distribute devices with GMS also commit to providing Android updates in order to be licensed for GMS. Furthermore, just like Apple does with the iPhone, they have the ability as part of licensing GMS to require device manufacturers to not allow carriers to install bloatware. They can dictate these terms through licensing GMS, should they so desire. That 30% of Android devices don't get regular patches is very much a function of the way Google has licensed Android and GMS. Google has the power to change this situation going forward.
Samsung and others will just remove that Google updater. They fork Android and they don't want any update from Google.
And has been stuck at 4.1.2 for years. Unfortunately, it does everything I ask it to fairly well, so I have not been able to justify an upgrade, so I let my kids and ex-wife use the phone upgrades on my plan.
When did Google get into the scanning devices business? I thought scanning books would keep them busy for a while.
Thirty percent. Riiiiiiiiiiight.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Newer versions of Android (6.0+ I believe) should have the security patches come through on a monthly basis even on manufacturer versions of Android (e.g., Samsung, LG, HTC, etc.) In other words, they are working at it, but it will take a while until all users have devices with 6.0+.
If they do that then Google should enforce the Android Trademark and stop them (Samsung etc) from using it.
Motorolo does, but it lags. My Moto X Pure 2015 is on the Patch version from February. Not great, but at least still supported.
When updates are filled with more and more intrusive advertising and/or take away options and features, what incentive do android users have but to not update?
I don't think there are that many. Like my Lenovo 5000-F doesn't get updates. That's why I've ordered a Nexus 7, so I can install Cyanogenmod. It's kind of upsetting that modding is the best solution for keeping up with security updates when either Google or manufacturers should be doing it.
My Tablet, which is my only 'mobile device', runs Android 4.1.1. I know security-wise I'd be better off upgrading, but my highest continued use of it is as a note taking and book reading device and it does those just fine. I don't get the need to 'upgrade' to a new device just because this one is long in the tooth. I have neither the desire nor monetary resources to do that right now.
I'm positive their are also lots of places in the world outside the US, Europe, and Japan where a device that is more than two years old isn't considered an antique. Vendors, including Google, need to realize this and figure out some way to do long term support for at least five years if not more. Heck I know plenty of companies that run ten year old PCs (or older since I know a few places run DOS still in their machine shops), so five years isn't really asking much and has at least been about the cycle for PC... This need to constantly push 'new' is unsustainable for a large part of their user base.
we are all invisible unless we choose otherwise
I'm positive they don't want the costs of keeping an OS up to date. If they fork their own version for their devices, they then take on all the major security issues Google has been handling. Samsung isn't the only Android vendor though and if they fall off the Google bandwagon for their own fork of it they will have quite the uphill battle. It would also give other vendors a much better shot at gaining marketshare. I've heard good things about the HTC 10 for instance...
we are all invisible unless we choose otherwise
I'm part of that 30% - my phone won't download a recent system update because there is insufficient dedicated system memory to (I assume) unpack and install the update. It's a fun combination problem - the version of 4.4.2 that I have won't let me move all downloaded apps to the SD card, which has 4x the available space as the internal memory. At least some of the software is bloat or crap from Virgin Mobile, and the other half of the problem is the very limited specs of the phone - an LG Tribute.
So, why isn't /. collectively freaking out about the gigantic quantities of telemetry involved that Google collects from each Android phone, like it usually does for everything else?
Where do I apply for a rebate from google for using my mobile bandwidth?
Google: "Here are updates and fixes to bugs, but you can't have them unless you accept our new EULA. We had 300 lawyers find new and exciting ways to screw you over, hope you like it."
Me: "No thanks."
It should be illegal for companies to bundle updates with new EULAs.
You're not even sure what version of Android constitutes "newer versions" and yet you're making unsubstantiated claims that there's some technical or business reason that allows/compels Samsung, LG, Sony etc to update their devices monthly? I'm going to call bullshit on that one.
And this is why telling clueless users that Android is more secure is doing them a disservice. The average user isn't going to have a secure Android device ever.
I don't have a mobile data plan (just text and voice), and use the WiFi VERY rarely, so they're not getting much, if anything, from mine.
Google's own braindamage is the reason why so few devices are actively patched. 6.0+ uses a filesystem block based patching mechanism. If you so much as mount the system partition (rw), you NEVER, EVER, EVER, EVER! get a single byte of patches.
And I don't know that the hell they're blabbering about... 4.4.4 absolutely does NOT get patches. Demanding I install 5.0.1 is not a patch. (it will then demand I install 5.1 then 6.0.) And unlike the majority of vendor "hacked" androids, Google doesn't ask a damn thing before it downloads hundreds of megs of crap I don't want -- tell me there's an update/patch/whatever and WAIT FOR ME TO APPROVE THE DOWNLOAD .
It's a Moto X 2014.
It say's it's software is up to date. It's a retail version so no carriers to get in the way. The Android security patch version is 1 Nov 2015. Hasn't been any update since 6.0.
Thanks for selling Motorola to Lenovo, Google. I bought the phone not only because of the features, but because Google makes a point of keeping it's devices updated.
The 2013 Moto G isn't getting Android 6 but the 2014 Moto G is. They have the same SoC and RAM, so it can't be a system performance reason.
My Moto X 2014 is on the November patch version.
does it lag as it is getting all updates late, or as is it getting one update per year?
HTC is no better. They have their own skin and update channel.
Seriously. 2.2.1 on an old, still in service phone, 4.0.1 on another. All as delivered, no updates ever pushed out.
My Moto E, which currently sells for $29 at WalMart (Virgin Mobile) got a major OS update this past week.
Bought my HTC V One in July 2012 (birthday present to me). As of now, it's never gotten a single OS update that I know of. Haven't loaded any apps on it for 2 years because newer apps don't run, and older apps I was interested in got loaded 2+ years ago.
// hardware sucks (power/volume buttons broke early and often)
/// software is buggy as hell
/ based on a sample size of 1, I'll never buy another HTC phone again
Sprint hasn't updated my Galaxy S4 since 5.0.1.
Freedompop has updated since Kitkat but they're complete incompetents; their upgrades fail every time.
I've been playing with Cyanogenmod and AOSP on my Freedompop phone, and when I'm happy with a version of Marshmallow, I'll probably go ahead and do it to my stock Sprint phone as well. Since Sprint can't seem to pull their heads out. Not to mention all the crap they install; at least this way I won't have 20 apps that I never use taking up resources with no way to remove them.
Cleverly disguised as a responsible adult.
That is exactly what Google is doing. They patch things like Stagefright through Google Play, even if the manufacturer doesn't release any OS updates themselves.
The issue is that some devices are either too old (pre 4.0) to get patches that way or don't have suitable network connectivity (e.g. they are configured not to do updates over mobile, and never connect to wifi).
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No Samsung do provide major updates. For their definition of major, and without any mention of timeliness.
That's why I've ordered a Nexus 7, so I can install Cyanogenmod. It's kind of upsetting that modding is the best solution for keeping up with security updates when either Google or manufacturers should be doing it.
I presume you mean a Nexus 7 2nd, since a Nexus 7 1st is a TEGRA 1 platform and if you were going to buy one of those, surely you would buy a TF300. The irony is, Google is actually pushing updates regularly for the Nexus 7 2nd, so you don't even need to run CM on it in order to keep up with security updates.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yes, that's what I meant. And well, it is a Google Nexus. But what I said holds true for every device that has support for Cyanogenmod that isn't a Nexus lol. And also, I don't think Google will be supporting the Nexus 7 2nd forever.
You could probably count the number of device models that do on one hand with fingers to spare.
They cannot, if they want to ship the Appstore. They even have to place some apps on the homescreen, when they ship with google play. And they can either ship everything or nothing with the google appstore. So they need to comply or make an own thing like amazon.