Last month, I used up a good chunk of text talking about how much I’ve come to enjoy using Android-powered smartphones. Unfortunately, a story I ran across over at Wired has convinced me that, at least for the time being, spending significantly more time with my iPhone 6 Plus might be a good idea.
According to the report, for many Android users, it’s not necessary to download an altered .APK file from a shady torrenting website or click an email link that’ll fill your handset up with malware in order to compromise your smartphone’s security. Twenty-five different Android smartphone models, made by well-known manufacturers and available across North America, have been found to be full of security flaws and other exploitable nightmares baked into them. The most frustrating part of it all: none of the exploits detailed in the story would be there if the manufacturers had their shit together
The potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn’t have to be there.To be clear, according to the security researchers at Kryptowire who went hunting for the vulnerabilities, none of the security issues found were the result of shitty coding on the part of Android’s development team. If you’re looking for a place to point an accusing finger, aim it toward the crackerjack software devs working for Android smartphone manufacturers like Asus, LG and ZTE. Their meddling with Google’s code to give their company’s handsets their own special flavor are where the security headaches begin and end.
Instead, they’re a byproduct of an open Android operating system that lets third-party companies modify code to their own liking. There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice. Google will release a vanilla version of Android Pie this fall, but it’ll eventually come in all kinds of flavors.
Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates. They can also, as Stavrou and his team have uncovered, result in firmware bugs that put users at risk.