Wireless Carriers Leave Millions of Android Phones Prone to Hackers

Millions of Android smartphones are left vulnerable as wireless phone carriers and handset manufacturers refuse to launch existing software security fixes to devices within an adequate timeframe.

Chris Soghoian, Principal Technologist and Senior Policy Analyst with the American Civil Liberties Union, said that unlike the iPhone, which sees Apple having power over carriers and also controlling the release of software updates to its devices, Android users are unable to receive an update on their phone without the carrier’s involvement. "The phones have to contact a server run by the carrier in order to get an update."

The update schedule of bug fixes coming from wireless carriers or hardware makers can take up to a year or longer to come to fruition. "When Apple decides that it’s going to give a security update to consumers or a feature update, every consumer who plugs their phone into their computer gets the update whether or not their respective regional carrier likes it," Soghoian said at the Kaspersky Security Analyst Summit.

With Android, "you get updates when the carrier wants it and when the hardware manufacturer wants it, and usually that’s not very often." He added, "This is not an instance where I’m criticizing Google for not fixing the bugs. Google’s team will usually fix it very promptly and make it available to all of their hardware partners. The problem here is that fixes for critical security vulnerabilities are simply not getting downstream and reaching consumers."

"You don’t need [a zero-day exploit] to attack most Android devices if consumers are running 13-month old software," Soghoian continued. He said that carriers need to accept responsibility for the devices they’re selling or leave the control of updates to Google. However, he believes that won't happen unless the government intervenes and applies pressure.

During the third quarter of 2012, the amount of Android malware surged by a considerable amount, with each new exploit becoming more sophisticated.



 

Contact Us for News Tips, Corrections and Feedback

 

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
20 comments
Comment from the forums
    Your comment
    Top Comments
  • Anonymous
    Yet, another reason to root your phone
    12
  • wildkitten
    This has been one of the most frustrating things being an Android owner. The ridiculousness of the manufacturer having to submit build after build is outrageous. Verizon made Motorola submit at least 10 ICS builds for the Bionic before one ever got approved, and it wasn't because of how well the builds were but fights over bloatware and what could be frozen without root.

    This is one thing Apple does right with the iPhone. Google needs to push their weight around with carriers in support of their OEM's.
    12
  • InvalidError
    If carriers get hit by a handful of class-action lawsuits for billing usage generated by malware that should have been prevented by OS upgrades carriers never rolled out and that end-users could not install themselves due to DMCA, with courts telling carriers refund and eat future usage costs until they fix their phones, things may start moving more quickly.

    If carriers refuse to update phones and refuse to let susbcribers update their own phones, carriers should be responsible for malware data usage since this effectively means carriers refuse to do the minimum effort required to reduce the likelihood of malware getting on their devices.
    12
  • Other Comments
  • Anonymous
    Yet, another reason to root your phone
    12
  • wildkitten
    This has been one of the most frustrating things being an Android owner. The ridiculousness of the manufacturer having to submit build after build is outrageous. Verizon made Motorola submit at least 10 ICS builds for the Bionic before one ever got approved, and it wasn't because of how well the builds were but fights over bloatware and what could be frozen without root.

    This is one thing Apple does right with the iPhone. Google needs to push their weight around with carriers in support of their OEM's.
    12
  • wildkitten
    MoesfuryYet, another reason to root your phone

    A person whouldnt have to risk bricking their phone, voiding their warranty, increasing the cost of service only to get timely upgrades.

    Rooting should be done by enthusiasts, not seen as something the average typical user should do.
    -6