Take it as an axiom that older software is less secure. It’s not always true, but if the code wasn’t mature at the time of its release- meaning it hasn’t been fielded for years upon years- it’s certain to be true. In an article in PC Magazine, Sara Yin finds that only 0.4% of Android users have up to date software, as compared to the iPhone where 90% of users have their phones up to date.
This represents a serious threat to cybersecurity, and it should have been a lesson that was already learned. Friend and researcher Stefan Frei has already examined in great detail update rates for browsers, a primary vessel for attacks. The irony here is that the winning model he exposed was that of Google’s Chrome.
What then was the failure with Android? According to the PC Magazine article, the logic lies with who is responsible for updating software. Apple take sole responsibility for the iPhone’s software. There are a few parameters that the service provider can set, but other than that they’re hands off. Google, however, provides the software to mobile providers, and it is those mobile providers who must then update the phone. Guess which model is more secure? Having SPs in the loop makes the Internet more insecure. Google needs to reconsider their distribution model.
Some interesting insight into the relationship between handset manufacturers and service providers on this thread – http://forum.xda-developers.com/showthread.php?t=913045
Great link!
It’s pretty clear to me that Apple benefits from as many of their users as possible being on the latest version of the software that their device can run, if for no other reason than reducing support costs. Compare this to the Android hardware vendors, who don’t anticipate any further revenue from a given device once it’s sold.
-jcr