Friday, 30 September 2016

Android sucks!

Strange shout and especially from somebody like me who is big fan of Android.

So, what's the story?

Android is a very successful operating system for mobile devices with market share similar to share which are having Windows on Desktops (Mobile OS / Desktop OS).

The problem for Android is fragmentation. The problem is not only because having many version running means difficulty for developers to test and optimize for so many versions but more serious problem is security.

The security is a problem running an older version of Android, which is not receiving any security updates. Your phone might be is vulnerable to attacks and you don't have to be Democrat. Those things have even names QuadRooter, Stagefright and allow the attacker to take full control over your phone. And imagine what is on your phone, how you use your phone as a device for two factor authentication, accessing your bank account, taking photos of your children, really not fun. And it could be even worst, you can be part of some dirty game and not even knowing about it.

Getting security updates and patching is normal and a very basic thing which you do on your desktop computer, same on servers, so why is it an issue for Android and it's ecosystem?

I've seen it personally in action when I've got a mobile phone on a two year contact from T-Mobile UK, now EE, it was Sony Xperia Neo V.
Customized Android by Sony, on top of it added bloatware (totally useless) by T-Mobile. During the time which I was using it, there was only one major update and two? small updates. Then Sony gave up and hasn't released any other update. At least I wanted  to install available updates which were released by Sony, but no OTA (over-the-air) updates were available to me.

I've asked Sony where is my update and they told me to talk to T-Mobile. So I've talked to T-Mobile about where is an update and they told me to talk to Sony.
At the end I had to de-brand my phone, install generic firmware and then finally I've received an update. At least I had Gingerbread then.

But this is exactly what is happening with Android fragmentation and why there is such a bad situation with Android phones when it comes to a security. The reason behind it is simple Greed!

When you have a phone which is getting older and is not receiving any new features, soon you are going to buy a new phone. And this is what phone makers and carriers want; to keep wheels spinning and sell.

A couple of years ago I've bought OnePlus One with CyanogenMod as alternative version of Android. Since then I've received 4! major updates and I am still getting minor updates almost every month. My phone is really powerful, everything is still lightning fast and I really don't have a reason to buy a new phone. Slowly but surely phones reached performance levels where there is no need to buy a new phone because something much better, much more powerful is available.

In US FCC and FTC woke up  and are investigating what the hell is going on with Android security updates. In EU we are not so lucky, European commission is opening a battle against Google instead of focusing on real world problems.

So what can you do about having a secure phone / tablet? Don't buy a device which doesn't have declared support - you will receive updates. Pretty good are Nexus devices where Google declared support lifecycle:

"Google is committing to keeping the now-monthly security updates coming for either three years from initial availability in the Google Store or 18 months after it is removed from the store (whichever is longer)."

But even Google is no angel, Motorola phones support changed over night when they sold it to Lenovo. Samsung promised to provide schedule for supporting it's phones and tablets, but as far as I know, it's still only a promise. The rest, who knows. My experience with Sony is terrible, Motorola, after taken over by Lenovo, is terrible, Asus is not too bad, OPO is good, Nexus devices are clear winners.

But there is another option, to break the chains and install an alternative, better supported version.  Mentioned CyanogenMod is a very good alternative with excellent support for many devices or CopperheadOS which claims to be hardened Android with focus on security. But there is a catch. You need a phone which allows you to unlock bootloader to load custom ROM (OEM unlock). As you can guess, many vendors make sure you are going to buy very soon a new phone and you can't unlock bootloader. There are ways around it to obtain root access but you are risking bricking your phone.

The conclusion is quite simple. When you are going to buy a new Android phone or tablet, device support should be one of the key factors what device you are going to choose, as important as price and hardware specs.
And when you buy a phone, make sure that you can do with your device, which you paid for, whatever you want, including flashing alternative ROM as a way to keep your device and data secure.

0 comments:

Post a Comment