Android is often accused of being less than secure, something that Google has repeatedly said is the fault of OEMs who take the secure software of stock Android and change too much. The biggest Android OEM is Samsung and now the Korean giant has decided to take security on the platform a step further by issuing monthly security patches for its handsets.
Dong Jin Koh, executive VP at Samsung, spoke about insecurity on the open source Android operating system, particularly focusing on the “Stagefright” exploit that left 950 million Android devices open for attack recently. That was not the first time issues have been apparent, with Google’s own research showing 5% of all Android devices are infected with malware (a small amount on paper that actually totals millions of units worldwide).
“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner,” said Koh. “Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected.”
Samsung’s move will certainly be an aid to Google as the company has been fighting an unwinnable battle against the idea that Android is a security risk.
The company has repeatedly defended itself and claims that security is a top priority when building new Android versions. Mountain View insists that Android is as secure as any mobile platform in its stock form, but the problem is over 95% of all Android products do not run the platform as stock.
Third party vendors drape their own software and skins over Google’s platform, while developers are free to build apps with minimal restriction, using forked systems to bypass any Google rules. Samsung has been spearheading increased security on its own devices with its Knox system and other methods, and now the company is matching Google’s ambitions by sending out monthly security patches.
The company was among the first to send out fixes for the Stagefright problem and is clearly worried about any future vulnerabilities in Android. It is certainly in Samsung’s best interest to stamp out any problems and give consumers piece of mind, especially with the Samsung Pay service due to launch before the holiday season.
As for Google, it too will start issuing monthly updates, although the company said it will only do so for its Nexus products (i.e. the ones that run stock Android), including the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 (deep breath) and the Nexus Player.
What’re your thoughts?