Google warns that Android smartphone manufacturers need to get better at updating their devices. In a blog post by Project Zero, Google’s cybersecurity arm, researchers explain that Android’s greatest strength – the decentralization of its ecosystem – is also its biggest weakness.
The researchers say that as it stands now, the patching process is too slow, too cumbersome, and too fragmented, putting consumers at risk of known and relatively easily exploitable vulnerabilities.
Decentralization issues
Android is a Linux-based operating system and essentially an open source solution, although it was built by Google; so 3rd party smartphone manufacturers like Samsung, Oppo, LG and OnePlus may have their own OS versions.
As a result, when Google releases a patch, it needs to be analyzed and optimized by the manufacturer before it is sent to the device. This means that Android users may be at risk of being compromised by malware for an extended period of time.
If that period goes too long and Google makes the vulnerability details public, it gives cybercriminals a unique opportunity to compromise endpoints without the need to look for new zero-days.
In contrast, Apple offers a closed ecosystem for its devices. The company is responsible for making most of its hardware and software. So, as the updates are entirely under Apple’s control, once the company releases a patch, most endpoints get it pretty quickly. In this sense, other manufacturers need to act quickly to ensure the safety of users.