Android is an operating system around which there are a lot of stereotypes that weakly correlate with reality. For example, in certain circles, it is generally accepted that Android, in principle, cannot function normally out of the box, and it must be fully configured, configured, and finished. Or, let’s say that Android is such a heavy platform that smartphones can barely pull it out even with 6 GB of RAM, not to mention weaker models. However, there are also stereotypes that are really based on real OS features.
Of course, I’m talking about updates that are rare for Android. No, of course, Google is diligently releasing one security patch every month, but they only reach at best two out of ten smartphones. And this is not my opinion, but the balanced position of experts in the field of information security of the Center for Internet Security. They conducted an independent study and found that due to the lack of clear regulation in the distribution of updates, most of the smartphones that are now on hand were prone to hacking and hacking.
Android Security Updates
Just imagine: the May security update Google released this week fixes as many as 39 vulnerabilities. Among them there are several critical gaps, exploiting which, hackers, in fact, can remotely take control of a vulnerable device and become its actual owner. It would seem, what difference does it make, how many vulnerabilities have the update fixed if it has already been released? However, the problem is that only Galaxy S20 smartphones, all Google Pixel, and Galaxy Fold devices have received it so far. All.
All other devices, even flagship ones, will either receive a May update with a delay, or, like my Honor View 20, will not receive it at all. Because the manufacturer believes that releasing monthly security updates every three months (!) Is the norm. As a result, if you start to count, it turns out that in the most optimistic scenario, the number of vulnerable smartphones will obviously equal or even exceed 80% of the total mass. This is a colossal figure, given that most devices do not receive patches in principle.
How to improve Android
Is there any way to solve this problem? Of course, it is useless to appeal to manufacturers who are responsible for the non-release, or rather non-adaptation of security updates. We have already seen this during the existence of such a phenomenon as security updates. So Google has to do something on its own. Yes, the search giant has plans to launch the modular Project Mainline architecture, which will allow distributing patches for all devices via Google Play, but I would not rely too much on it. There are several reasons for this:
- Firstly, it was planned to launch Project Mainline a year ago, but something went wrong and Google postponed this initiative until Android 11.
- Secondly, Project Mainline will be distributed as part of Android 11, which means it will not appear on devices for which this update does not shine.
- Thirdly, Project Mainline, like Project Treble, will require optimization by smartphone manufacturers, who in their usual manner can simply ignore this aspect.
So, you need something else. Despite the fact that manufacturers seem to operate independently of Google, the search giant still has power over them, which stems from licensing Google Play services. Therefore, I would take advantage of this on-site Google and obliged manufacturers to release security updates for all smartphones for three years, and not just recommended. In case of disobedience, the search giant could deprive brands of their services licenses, which would quickly change their attitude towards software support for their devices.
