Menu
KitKat is out, but a lot of Android users won't get it

KitKat is out, but a lot of Android users won't get it

some people may never get to use the enhancements in KitKat until they replace their phone

Google has added lots of nifty features in the latest version of Android. Unfortunately, for most users of the mobile operating system, they'll have to buy a new mobile phone if they want to get the latest and greatest technology.

[Experts weigh in with wish lists for Android 4.4 KitKat security]

Google released Android 4.4 KitKat last Thursday, but how soon users will get the OS will very much depend on either their wireless carrier or the device manufacturer, which tend to move slowly. As a result, some people may never get to use the enhancements in KitKat until they replace their phone.

The update problem has existed with Android since the beginning and most experts agree it presents the biggest security risk to users. Updates always include patches for vulnerabilities, and once the fixes are available, hackers are able to analyze them to find and exploit the flaws.

"We see exploits available in a matter of days after a patch has been disclosed," Adi Sharabani, chief executive and co-founder of mobile security vendor Skycure said. "Attackers are creating these exploits to attack users who haven't updated their devices."

The risk of not having regular updates was cited a couple of months ago in a memo the FBI and Department of Homeland Security sent to police and fire departments. The warning said SMS Trojans, rootkits and fake Google Play domains were the top security threats to out-of-date Android devices.

While experts universally agree that the lack of timely updates is a major security problem, there is no easy solution. That's because Google lets anyone modify Android to fit the needs of their business, which means there are as many ways to update Android as there are flavors of the operating system.

[The Department of Homeland Security and its obsolete Android OS problem]

Sharabani would like to see Google make structural changes to the Android codebase, so there are application programming interfaces (APIs) available to update the core OS without damaging whatever software is running on top of it, such as the user interface.

While that sounds reasonable, Tielei Wang, mobile security researcher at the Georgia Institute of Technology, points out that depending on the amount of customization, updating without breaking may be difficult.

"(Even with the APIs) it may not be easy to merge Google's code changes," Wang said.

Sharabani also suggests that Google launch a certification program for companies using Android. Those businesses that integrate Google's update mechanism into their platform would be certified as such. In addition, Google could impose other requirements, such as sending out patches in between OS updates for previously unknown vulnerabilities that hackers are exploiting.

Again, such a program sounds like a good idea, but managing and controlling it would be hard. Android has become the leading mobile OS because Google made it easy for carriers and manufacturers to use it. Changing that model would likely lead to serious discontent.

"Currently, it's almost impossible for Google to ban major manufacturers," Wang said.

Besides the technical difficulties, carriers have a business interest in not making Android updates a priority, Bogdan Botezatu, senior e-threat analyst for Bitdefender, said. Rather than update software, carriers would prefer to have subscribers buy a new phone.

"Instead of delivering fixes, phone manufacturers would rather spend their resources on developing new devices to deliver along with the latest version of Android," Botezatu said.

So for now, Android fans who want the latest update will have to be technically advanced enough to root their smartphone in order to install KitKat. For those who want regular updates in the future, they can buy their phone directly from Google.

Anything more universal won't come easily.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments