Here’s a simple truth we all probably know in the back of our minds – you don’t need to get a new version of Android because not much will seem different. The home screen or app drawer may have a tweak or two, and there will be one feature we would like to have, but the apps we use are going to look and function the exact same. The things we do, like messaging or Facebook, won’t use any of the new features developers have available for a while, and apps that do include the latest cool developer feature will be few and far between for quite a while.
That sucks.
Yeah. That really sucks. But there’s nothing most of us can do about it since we’re not building phone operating systems or apps ourselves. And we can’t get mad at the developers who make the apps, because of another simple truth: phones not getting fast updates are hurting the Android platform.
Google doesn’t care.
I hope they do care, because if it becomes a huge playground for exploits and hacks that lead to monetary loss and personal information loss, then that’s a huge issue in the long run.
Especially right now since they’re the biggest mobile platform, they’re the ones that will attract the majority of exploits and not having the phones patched up for extended periods of time or at all is just extra icing on the cake.
When it comes to Android security, this is a question of risk management.
Look at malware propagation rates on Windows PCs to see what users are willing to put up with. Then look again at malware propagation rates on Android and see that there are still ways to go until this becomes an actual problem for Google.
The most common way to receive malware on Android is installing apps from questionable sources. Google devised “verify apps” which works on old Android versions too.
Second most common security problem appears to be drive-by exploits on websites. Disabling the AOSP browser and using only browser apps (like Firefox, Chrome or Opera) seems to be the way to go.
Nope. Nope. Nope. Nope. Nope.
The towelroot/futex exploit is JavaScript-based but hits the kernel, and it works regardless of browser. And even moderately recent phones like the Galaxy S4 are affected. And it is actually been exploited in the wild.
The only real way to save yourself is to use Free AdBlock Browser (Chrome) or AdBlock Browser (Firefox), but you lose tab sync functionality, or to disable JavaScript in Chrome and Firefox, at least on dodgy sites.
BTW, this a major security nightmare waiting to happen. Users don’t care about security, which is the reason Windows 8.0 is still around (users still walking the net with that version have updates set to off, otherwise they ‘d be on 8.1) and when they do get hit, they think some hacker (like the one in Swordfish) did it with magic. The fact there are reasons a computer is compromised (for example lack of patching), is a completely unknown concept to them.
Edited 2016-09-01 21:18 UTC
What’s kind of funny is that outside the Nexus line, BlackBerry is the Android manufacturer doing the best at backporting security updates.
Says it all.
all they care about is Ad revenue. As long as that is coming in then all is fine in the Chocolare Factory.
I don’t think it will be long before Android is split off from Google into a separate company and then a few years down the line, it is sold off.
It isn’t part of their core business (IMHO) any longer and is just a drain on their resources.
If they can peruade the major Android device makers to take a financial stake in the Os then perhaps those makers will have more of an interest in releasing updates.
And pigs might fly.
Well, it is either that or Android is lfet to whither and die.
It is mature enough now. Where are the massive and innovative steps coming from?
Well, it is either that or could it suffer the same fate as many other Google projects and it is just closed down. google do seem to get bored with things.
Id loved to be proved wrong though.
My guess used to be is that Google cared more than the device manufacturer. Now that they have the market share I’m sure they’ll do what is necessary to keep it. And they’ll keep chipping away at Apple too.
I tried reading that article in Lollipop with the AOSP browser. The Javascript was so hyperactive it caused the page to not scroll correctly and eventually hang the browser. Perhaps the author would suggest that this can be solved by everybody upgrading more, but there seem to be other solutions too.
My phone could be updated to Marshmallow. I didn’t because doing so hardens the kernel in ways that would prevent root access, so updating would take away functionality I use, and my experience would go backwards. So, one other perspective – the issue with Android as a developer is that the only way to get tools to develop non-trivial applications is by depending on security exploits to unlock needed functionality. I mean, for now you could get a Nexus and pray that what you write works on devices people actually use, but seriously, as a story, this sucks.
But I think the real narrative which is missing across the industry is who gets to decide what OS version you use? Is it you? Your handset manufacturer? Your carrier? Google? Android pretty much applies the veto model where if any party thinks you shouldn’t upgrade, you can’t. But the view that everyone needs the latest version for the benefit of developers also implies that users don’t get a say, and if a new version breaks something you care about, then it sucks to be you. Be careful about embracing that world.
> The things we do, like messaging or Facebook, won’t use any of the new features developers have available for a while, and apps that do include the latest cool developer feature will be few and far between for quite a while.
Actually that is true. Android 4.x is complete enough for everything. The things that didn’t work in 4.x would be simple bug fixes, like to the VPN service, IPv6 and a few other things. The new features in 5.x, 6.x and 7.x do not add anything for the normal user. I’d be totally happy with an Android AOSP 4.x LTS that receives security updates, and I guess most users
Windows XP is also good enough for most users if it would still receive security updates.
No, just no. Marshmellow/ Windows 7 are the right versions for most people. They strike the right balance between security and usability. XP/ Icecream does not.
Well, the main problem with Android updates is that people don’t really care much about Android version, so the pressure on manufacturers is very low.
As I get it, Google Play serves different packages for different combinations of API and hardware platform. Thus if developers only targeted the latest API, the latest package for Android X would be just as outdated as Android X itself. That would likely put enough pressure on manufacturers to force them update devices and slow down the device release cycles.
I hate change for the sake of change. If things aren’t broke, don’t fix it.
Android is familiar, friendly, stable, reasonably fast, generally secure, attractive, and customizable for we power users.
It takes some less computer-savvy people months – or years – to get accustomed to using smart phones. They don’t like even the small changes that are made, unless it represents a genuine complaint they had with the old way or is easier to understand than before.
I’d venture to say that most power users don’t use the standard built-in applications anyway… and probably wouldn’t no matter how good they were. I sure don’t. Not one.
I don’t use the built-in phone, contacts, messaging, camera, browser, home, or any other app that comes with my phone other than the Play Store.
Any time I upgrade, I put the same apps back on without so much as worrying about whatever updates have been made to the built-in apps. I sometimes also use very specific versions of my favorite apps to avoid ill-conceived changes made to them.
And most people use cheap landfill Android, meaning they are on low-end hardware. 4.x works OKish on my cheap and small LG, but I’m pretty sure anything newer than Kit Kat will make me wait, spending precious minutes of my limited life gazing at an unresponsive screen.
I don’t need that, not for the sake of polished launchers, nor for wildly exaggerated security threats.
The problem with android fragmentation is not Google not caring about updating all user base. Android, from the start, was a mixed platform where each Manufacturer would be responsible for updating their phones. But they want to control every bit that goes in each update and *they* most of the time only update the high end models, to motivate you to buy the newer models.
Over time, Google tried to control more rigidly the updates and creating thigs like Google Play Services that is updated through the Play store. But some features and updates need core changes that only a full update would provide.
So the fragmentation does indeed suck, but the fault is from the Manufacturers: Motorola (or whoever owns them now) takes years to release updates. Sony and Samsung only update their flagship devices for 2 or 3 years, with luck. I never owned LG or HTC devices to know how they work, but I don’t think it’s much different from Sony or Samsung.
Even Apple that controls the whole process top to bottom, only updates the current model and 1 or 2 behind, so even in the gilded cage there’s fragmentation, even if it’s smaller than Android.
Can Google change this? Maybe if they subsidize new nexus models, like they did with Nexus 5, people will buy more Nexus devices, and that guarantees more updates. But different people want different phones, so we go back to demanding from the manufacturers (and carriers) to deploy the updates Google delivers yearly.
“…Axing Project Ara is one of the first steps in a campaign to unify Google’s various hardware efforts, which range from Chromebook laptops to Nexus phones. Former Motorola president Rick Osterloh rejoined Google earlier this year to oversee the effort.”
Maybe an effort similar to Microsoft’s Continuum?
http://www.reuters.com/article/us-google-smartphone-idUSKCN11806C
Developments like this talk of definitions on battle-lines.
Almost forgot: via DIGG front-page…