Earlier this year I wrote about the sorry state of Android. In that piece I pointed out that rampant fragmentation of versions, combined with the reluctance of hardware makers and the network carriers to push updates out to users, was turning Android into a "toxic hellstew" of vulnerabilities.
Fast forward to last week, when Apple CEO Tim Cook took my headline and gave it airtime during the WWDC keynote speech, and the Hardware 2.0 mailbox is brimming with people wanting to know one thing:
"I'm an Android user. What can I do to protect myself?"
Before we go on to answer that, let's get a better handle on the problem.
Android itself is a strong operating system, but the way that the platform is delivered to end-users is critically flawed. Rather than taking the iOS approach where updates are sent to users directly, Google chose to adopt a much more convoluted approach.
Whenever Google releases either an update to Android – whether that be a tweaks and bugfixes or critical patches for serious flaws – or a completely a new version of operating system, the code then goes to device OEMs to be customized with their own tweaks and personalizations. Then, for smartphones and tablets that are hooked to a carrier contract, the carriers then get a chance to add their own branding.
Not only is this a long chain, but the problem is made exponentially worse by the fact that neither the OEMs nor the carriers feel there's much of a benefit in pushing free software updates to customers, and would much rather focus on selling those people a new device.
One of the biggest problems with this fragmentation is that a huge number of users – numbering the hundreds of millions – are being left vulnerable to malware and data theft as a result of bugs and vulnerabilities in the code.
Another problem with Android is how deeply integrated the operating system is with Google products and services, and this can mean that when users do get updates, this can have unexpected consequences.
Take, for example, the issue highlighted by ZDNet's Violet Blue the other day.
"In the background, Google+ began "unifying" people's identities (combining its background matching of users names and profiles) in Android address books. […] Users found out in January 2014 when Google+ force-integrated chat and SMS into "hangouts" in the Android 4.4 "KitKat" update.
At-risk users were disproportionately affected, most especially transgender people who needed to keep their identities separate for personal safety and employment reasons.
One woman was outed to a co-worker when she texted him, and risked losing her employment."
Make no mistake about it; this drive by Google to integrate its products and services into Android contributes to the toxic hellstew. Google's billions aren't coming from selling consumer electronics, or licensing software and services, its money comes from advertising revenue, and the more and better it knows Android users, the better it can target them with ads.
So, on the one hand you have consumers who aren't getting updates, and that is putting their data at risk, while on the flipside you have users who are getting updates, but those updates are experiencing painful data leakage because of Google's desire to know more about people.
While I agree with ZDNet's Jason Perlow Google is chasing revenue, I believe that the bigger problem is that Google lacks the empathy to properly connect with consumers. Google is a tech company led by very brainy tech people, but in my experience, these people have a hard time seeing the human element in things. It is a company populated by people who don't understand why users don't get updates, and can't see what's wrong with integrating user's Google+ identities with their SMS identity.
OK, so you're running an Android device – or maybe you're planning to do that, or maybe you're an IT admin having to support an ever-increasing number of Android devices coming through the door – what do you do?
Here's my Android survival guide:
See also: