[PCWorld]

Post your comments for Android Fragmentation Equals Android Insecurity here

[WallyDuke]

When smartphone security becomes a serious concern for the typical user, which I'd argue it has not yet, there will be even more and even better security software waiting to fill these holes, if I.C.S. doesn't greatly improve this situation itself. In my short time using Android, I've seen the third party security options improve tremendously, not only in choice but also in quality. That is why I think that this isn't anything to be too concerned about; utilize the common sense most of us have and everything should be fine. At least that's my plan, it's been working perfectly for years for me.

[WallyDuke]

Mr. McCracken, like so many tech journalists, you strike me as quite biased. The sky is falling, the sky is falling!

[IWASBS]

Convenient how the list stops at 12, since #13 is the iPhone.

[WallyDuke]

IWASBS, on 23 November 2011 - 08:58 AM, said:

Convenient how the list stops at 12, since #13 is the iPhone.

Wow, you're right the iPhone is #13! What's more, the linked article says that 56% of Android phones run an outdated OS and 62% of iPhones run an outdated OS! Mr. McCracken, either you don't do your research properly or I'm afraid I'd have to call you a paid troll. Either way, pretty weak!

[DrejXArmy]

WallyDuke, on 23 November 2011 - 08:38 AM, said:

When smartphone security becomes a serious concern for the typical user, which I'd argue it has not yet, there will be even more and even better security software waiting to fill these holes, if I.C.S. doesn't greatly improve this situation itself. In my short time using Android, I've seen the third party security options improve tremendously, not only in choice but also in quality. That is why I think that this isn't anything to be too concerned about; utilize the common sense most of us have and everything should be fine. At least that's my plan, it's been working perfectly for years for me.

I agree with Wally. Its nice seeing that people are actually tracking this and showing how much fragmentation there is, but no one will care till their bank account is empty due to a security flaw that allowed a hacker to copy your info and log in as you.

[thatshowitis]

I write viruses for living and there is no way I will right one for android. The is way too many devices and versions to make it work right. I don't want to do that much work

[WallyDuke]

DrejXArmy, on 23 November 2011 - 09:33 AM, said:

WallyDuke, on 23 November 2011 - 08:38 AM, said:

When smartphone security becomes a serious concern for the typical user, which I'd argue it has not yet, there will be even more and even better security software waiting to fill these holes, if I.C.S. doesn't greatly improve this situation itself. In my short time using Android, I've seen the third party security options improve tremendously, not only in choice but also in quality. That is why I think that this isn't anything to be too concerned about; utilize the common sense most of us have and everything should be fine. At least that's my plan, it's been working perfectly for years for me.

I agree with Wally. Its nice seeing that people are actually tracking this and showing how much fragmentation there is, but no one will care till their bank account is empty due to a security flaw that allowed a hacker to copy your info and log in as you.

Subtle sarcasm, nice touch! You're right, some people will have that happen, then the word will get out, most users will install some security software (which keeps getting better by the day) and life will go on as usual. This has been the case with Windows for YEARS, and anyone with a little common sense has very little to no problems at all. I have great confidence that soon almost all Android users will get a new device, install some free security software and go about their lives with no issues at all. Relax, the sky is NOT falling, nor is it about to.

[melgross]

WallyDuke, on 23 November 2011 - 09:09 AM, said:

IWASBS, on 23 November 2011 - 08:58 AM, said:

Convenient how the list stops at 12, since #13 is the iPhone.

Wow, you're right the iPhone is #13! What's more, the linked article says that 56% of Android phones run an outdated OS and 62% of iPhones run an outdated OS! Mr. McCracken, either you don't do your research properly or I'm afraid I'd have to call you a paid troll. Either way, pretty weak!

Except that the iPhone is considered to be the second most secure platform, right after the BB. WP7 is even less secure than Android.

[melgross]

thatshowitis, on 23 November 2011 - 09:36 AM, said:

I write viruses for living and there is no way I will right one for android. The is way too many devices and versions to make it work right. I don't want to do that much work

I call BS on that.

[WallyDuke]

melgross, on 23 November 2011 - 11:06 AM, said:

WallyDuke, on 23 November 2011 - 09:09 AM, said:

IWASBS, on 23 November 2011 - 08:58 AM, said:

Convenient how the list stops at 12, since #13 is the iPhone.

Wow, you're right the iPhone is #13! What's more, the linked article says that 56% of Android phones run an outdated OS and 62% of iPhones run an outdated OS! Mr. McCracken, either you don't do your research properly or I'm afraid I'd have to call you a paid troll. Either way, pretty weak!

Except that the iPhone is considered to be the second most secure platform, right after the BB. WP7 is even less secure than Android.

That may be the case, but this article specifically claims that Android is less secure because so many phones run outdated versions of the OS, but conveniently ignores that the article it references claims that an even greater percentage of iPhones run an outdated OS. I'm not claiming that Android is more secure than iOS, it shouldn't be due to it's open nature. I'm claiming that THIS article's premise for declaring Android less secure is complete BS and I'm also accusing the author of blatantly ignoring certain facts in order to paint a biased picture. I understand that some people really like iOS and want to see it do great, but that doesn't condone completely disregarding journalistic integrity. Shame on the author and shame on you for defending such shoddy journalism.

[Mikembq5]

This list is ridiculous and it's based on pure speculation. Anyone running 2.3.x is just fine with regard to security issues. Each succession (2.3.3 for instance) has more to do with minor API and bug fixes rather than security patches.

Let's just call this a 'red herring’ and move on...

[mwsw]

melgross, on 23 November 2011 - 11:06 AM, said:

WallyDuke, on 23 November 2011 - 09:09 AM, said:

IWASBS, on 23 November 2011 - 08:58 AM, said:

Convenient how the list stops at 12, since #13 is the iPhone.

Wow, you're right the iPhone is #13! What's more, the linked article says that 56% of Android phones run an outdated OS and 62% of iPhones run an outdated OS! Mr. McCracken, either you don't do your research properly or I'm afraid I'd have to call you a paid troll. Either way, pretty weak!

Except that the iPhone is considered to be the second most secure platform, right after the BB. WP7 is even less secure than Android.

And I call BS on that. Sources?

[crosswordbob]

WallyDuke, on 23 November 2011 - 09:09 AM, said:

IWASBS, on 23 November 2011 - 08:58 AM, said:

Convenient how the list stops at 12, since #13 is the iPhone.

Wow, you're right the iPhone is #13! What's more, the linked article says that 56% of Android phones run an outdated OS and 62% of iPhones run an outdated OS! Mr. McCracken, either you don't do your research properly or I'm afraid I'd have to call you a paid troll. Either way, pretty weak!

Um... the list stops at #12 because the report was presented as a "dirty dozen".  And iOS was presented as "honorary" 13th, with the clear implication that in fact its placement was more down to the size of the list than as a genuine comparison: had they presented a "top 10", iOS would have been "honorary" 11th etc.

As to the upgrade adoption, since you read far enough to quote the figure, I have to assume that you read the surrounding text, which was unmistakably positive:

Quote

The adoption rate for major versions of iOS is extremely high, especially when compared against Android . In January 2010, less than seven months after iOS 4 was first released, the popular app Bump released statistics8 showing nearly a 90 percent adoption rate . By June 2011, apprupt was reporting9 a 95 percent adoption rate . Compare that to Android, where version 2 .3 of its operating system was released in December, 2010, and eleven months later in November, 2011, there was only a 44 percent adoption rate . In October, 2011, Apple released iOS 5 . Less than one month later, Chitika10 released statistics showing an almost 38 percent adoption rate of iOS 5 within the iPhone user base .

So technically you are right that less than one month after the release of iOS 5 62% of devices are running outdated versions, but the report makes it absolutely clear that we can expect this number to fall rapidly in the coming months

You call shame on the author of the article, yet it is you who has knowingly and wilfully misrepresented the contents of the article's source.  Shame on you.

[lithale]

Bit9's methodology for figuring out the top 12 phones relies completely on the premise that we are only going to look at Android phones.

There's a chart further down that shows Apple's iOS has had more Integrity Loss Vulnerabilities than Android over the last 3 years, yet Android is still more vulnerable...

[WallyDuke]

crosswordbob, you make some good points, but I'd counter that the report calls any Android device not running Android 2.3.3 outdated, breaking it down into incremental releases, but the comment you, and the article, made regarding iOS4 adoption does not break it down into incremental releases, just simply iOS4 , which would bring the iOS4 adoption rate down considerably depending on when the data is gathered. If you call any version of Android 2.0 up to date, similar to what they do for iOS4, the adoption rate is nearly 100%. This was my reasoning for not mentioning that point, because they come to that conclusion using different standards, thereby rendering the data incomparable. You cannot compare apple to oranges (no pun intended), which is what they seem to be doing. I do however concede that the adoption rates for iOS are far better that for Android (obviously), just not to the extent the author of the article claims. I read their "honorary" 13th place ranking as their way of saying, look to be clear the iPhone isn't a lot better, although I'd agree that they don't seem to be making it a true 13th place finisher. All in all, I still maintain that the author was misrepresenting the data he was paraphrasing which is textbook violation of journalistic integrity .

[crosswordbob]

lithale, on 23 November 2011 - 01:37 PM, said:

There's a chart further down that shows Apple's iOS has had more Integrity Loss Vulnerabilities than Android over the last 3 years, yet Android is still more vulnerable...

And the text surrounding it explains that very few such vulnerabilities are reported directly against Android, but instead to the various technologies underlying it. Indeed it goes so far as to say that this lack of reporting makes it hard for security experts to know precisely which vulnerabilities are:

Quote

For example, in March 2011, a series of over 50 apps on the Google Android app store were discovered to be malware. The malware,
named DroidDream, took advantage of two exploits to gain complete control over a phone (root access). Google took the unique step
of invoking a “kill switch” that allowed them to remove the applications from over 250,000 phones where the malicious apps had been
installed. We were unable to identify any CVE (common vulnerability and exposures) related to DroidDream that was directly assigned
to the Android product. DroidDream took advantage of a variant of 2009 vulnerability (CVE-2009-1185) which was assigned to vendor
“Kernel” and product “udev.” Google patched this vulnerability in its Android 2.2.2 release.

[Nuke61]

There's a new wrinkle to this too... now it's been claimed that certain Android phones have what are essentially rootkits installed on them:

Quote

Own an HTC, Samsung, competing manufactures’ Android device? Chances are your phone is spying on you thanks to kernel-level tracking software by Carrier IQ. No, this isn’t another Android virus article, but one that is potentially more alarming given the depth of the tracking. http://gadgetsteria....android-phones/

[crosswordbob]

WallyDuke, on 23 November 2011 - 01:42 PM, said:

crosswordbob, you make some good points, but I'd counter that the report calls any Android device not running Android 2.3.3 outdated, breaking it down into incremental releases, but the comment you, and the article, made regarding iOS4 adoption does not break it down into incremental releases, just simply iOS4 , which would bring the iOS4 adoption rate down considerably depending on when the data is gathered. If you call any version of Android 2.0 up to date, similar to what they do for iOS4, the adoption rate is nearly 100%. This was my reasoning for not mentioning that point, because they come to that conclusion using different standards, thereby rendering the data incomparable. You cannot compare apple to oranges (no pun intended), which is what they seem to be doing. I do however concede that the adoption rates for iOS are far better that for Android (obviously), just not to the extent the author of the article claims. I read their "honorary" 13th place ranking as their way of saying, look to be clear the iPhone isn't a lot better, although I'd agree that they don't seem to be making it a true 13th place finisher. All in all, I still maintain that the author was misrepresenting the data he was paraphrasing which is textbook violation of journalistic integrity .

You are correct that direct comparisons between Android and iOS are generally futile; that's something I've always maintained. But I don't think report really tries to - it reads to me as a report primarily on Android, but with an addendum regarding iOS for balance. Indeed it states clearly that applying the same methodology to each would be senseless. However, on the subject of version numbers, the report doesn't base its claims so much on version numbers, but on age and existence of known vulnerabilities that have since been fixed. Check the chart on page 10: in fact they associate 2 penalty points for either 2.3 or 2.3.3:

Quote

2.3.x is latest version of Android. However, the first few releases 2.3 and 2.3.3 are almost one year old. The reason we did not distinguish between 2.3 and 2.3.3 is because we were unable to properly verify this distinction against manufacturer data. A number of manufacturer update announcements, for example, ay “Android 2.3” when they really mean “Android 2.3.3.”

On the other hand, versions 2.3.4 through 2.3.7 were awarded no version penalties, since 2.3.4 was 7 months ago, while the subsequent releases were relatively minor.

All in all, I would say that the report was rather fair; it does make it clear that iOS has its own vulnerabilities, and I'd certainly not deny this. However, the points it makes about the rather haphazard way in which updates find their way onto Android phones is a valid concern, and I don't think one needs to be biased in any direction to say so. I also believe that the very way in which they

I'd also note that the PCW article on which we are commenting doesn't mention iOS once.

[WallyDuke]

crosswordbob,
I confess I hadn't read the pdf, only the linked article and the attached infographic. Upon reviewing your latest points in further detail, I admit that your information is indeed accurate. The article is more vague than the pdf and I didn't get the full story from it. Therefore, I would concede that the infographics description of an outdated Android device is indeed a valid one. Being as such, I would like to retract my previous statement regarding the incremental updates and also calling the author out as biased. I confess that I was basing my comments on incomplete information. Mr. McCracken, please accept my apologies, my opinion, as previously stated, was based on incomplete information. At the time I made them, I felt they were accurate but now realize they were not. I admit I was wrong and regret my critical comments. If you feel so inclined, please feel free to remove all but my first comment, I now feel that they are inaccurate.

This post has been edited by WallyDuke: 23 November 2011 - 04:48 PM