Google: Half of Android devices haven’t been patched in a year or more
Credit to Author: Gregg Keizer| Date: Thu, 23 Mar 2017 12:41:00 -0700
Google engineers yesterday acknowledged that half of all Android devices had not received a security update in the past year, even as they argued that the firm has made progress in streamlining the open-source operating system’s patching process.
“About half of devices in use at the end of 2016 had not received a platform security update in the previous year,” Adrian Ludwig and Mel Mille, members of the Android security team, said in a post to a company blog.
Although Google has issued monthly security updates for Android since 2015 — and deploys those patches to Nexis and Pixel devices as soon as they’re available — other device makers often take weeks or months to push updates to customers, or never do. Android’s update problem is not new — it’s been in stark contrast to other operating systems, notably iOS, macOS and Windows, since Android’s inception — and is baked into the relationship between Google and the hardware manufacturers who build and sell phones.
In comparison, Apple claimed that 79% of all iOS devices were running iOS 10 as of Feb. 20. That meant nearly eight out of every 10 iOS device owners had updated at least once since mid-September 2016, or in the previous five months.
Ludwig and Mille asserted that Google has been working, and would continue to do so, on streamlining the update process “to make it easier for manufacturers to deploy security patches.”
In a year-in-review report on Android security issued by Google yesterday, the company was a bit more specific about the progress it believes had been made.
By 2016’s fourth quarter, more than half of the global top-50 Android devices had “a recent security patch,” the report said, but without describing how recent. Google also claimed that through an expedited approval process, hardware and carrier approval times for security updates had been reduced from “over one month to less than one week.”
Yet few Android devices can boast of impressive patch rates. And of the 15 models that reached an update rate of 60% or more — meaning that by the end of last year they had been updated at least once since Oct. 1, 2016 — six were Google-sold Nexis or Pixel devices.
The patching situation in the U.S. was better, Google reported. Seventy-eight percent of what it defined as “flagship” devices on the country’s four major networks had been patched in the past three months. Those devices included the usual suspects, primarily Samsung Galaxy phones, along with others such as the LG G5, Moto X Style and Xperia Z5.