Android fragmentation leads to security hazards

A new version of Android always brings with it tremendous amount of fanfare and adulation. Some versions gain more popularity than others and penetrate deeper markets. However, ‘fragmentation’ is a major hindrance that Android faces and the latest upgrades seldom reach all markets simultaneously. This creates several security loopholes that can be exploited.

A patched OS brings several upgrades that enhance the layers of security and combat the latest threats. With Android malware on a steady rise, an upgraded version simply provides the best security. Older versions are more susceptible to malware and other threats as many people feel their devices are invulnerable. Applications that are infected with malware find it easier to enter phones that are not running the latest upgrades. Similar to desktops, smartphones should also be updated with the latest patches for better security.

Common reasons for delayed updates

A lot of Android users across the world are not even close to the latest upgrades and some of them will never even get to use them at all. Here are the reasons for that:

• Timely updates are seldom released by OEMs (Original Equipment Manufacturers). The reason is that if the latest updates were instantly available, sales of new handsets will dwindle.
• Since OEMs add their own skins and UI to Android, it takes longer to create development kits. This delays the process.
• Google does not enforce uniformity across all manufacturers. If Google enforced hardware policies and forced manufacturers to adhere to them, several security risks could be avoided.
• Latest Android versions do not work smoothly on low cost devices with less powerful specs.
• Some users are not aware of the latest versions and simply do not know how to upgrade.

Android user statistics

These numbers are taken from Google Play (Android Market) and do not necessarily include all registered users and also do not include users who bought Quick Heal Mobile Security from other sources.

• A majority of users (58.94%) are on Android 2.3.3 – 2.3.7 (Gingerbread). This is not the latest version but it is the most widespread of the recently released versions. Android 2.3 is run by 0.19% so Gingerbread users have mostly updated the latest patches.
• 20.92% users are on Android 2.2 (Froyo) and 8.18% are on Android 2.1 (Eclair). These are the users who are most at risk since these are older versions of Android.
• 7.05% users on Android 4.0 – 4.0.4 (Ice Cream Sandwich) are relatively safe since ICS has effective security features.
• Android 4.1 (Jelly Bean) is used by 0.12%. This is the latest version and is only available on very selected devices as of now.

This table lists the top 10 Android malware families that Quick Heal detected in 2011. Older versions of the OS are more gullible to these threats than the latest ones.

We advise all users to regularly update their Android version. This is more applicable to users who store sensitive data on their smartphone or carry out financial transactions. Admittedly, this is not possible for all users. Hardware limitations are a hindrance so one must study the requirements of a new OS version carefully before installation. The latest updates enhance security but can cause a dip in performance if the hardware requirements are not met.

Rahul Thadani