Sometimes we can’t know whether the vulnerabilities consumers mention are real or just a result of their paranoia. ‘X-Ray’, an Android app that scans for vulnerabilities, has reported results from more than 20,000 devices across the world. From this we can safely conclude that more than fifty per cent of Android devices have vulnerabilities, and the blame is placed on carriers, as they are slow in updating the software.
Oberheide, who will present the details of this research at the United Summit conference in San Francisco, mentioned that the vulnerabilities detected by the app are serious. He stresses the seriousness: he says that if a user installs a malicious app that somehow gains code execution, it could lead to loss of full control of the device.
The vulnerabilities stay in the system for a long time because the carriers are conservative about launching patches to fix the bugs. No, it is not about laziness: the patches are small but expensive pieces of code, and until X-Ray most customers didn’t seem to mind. Just imagine all the Android devices (our imagination is too small for that) and then try to imagine the amount of testing needed to debug the software. If by any chance a mistake is made, it will cause a huge financial loss to the carrier, as the consumer base will move on to find another one. We are all aware of how fickle a crowd we are. We just wait for the next cool gizmo to hit the streets, and we pounce on it. So in such a world there is not much incentive for a carrier to develop a patch, only to find all its hard work and money wasted because another device hit the market that season.
However, diplomacy always rules over reason. AT&T said, “Patches must be integrated and tested for different platforms to ensure the best possible user experience.” A Sprint spokesperson said, “We would never knowingly withhold or prevent release of a software update containing security patch.”
Tim Wyatt, principal engineer at Mobile Service provider Lookout, said not to rely on the numbers. The vulnerabilities are far fewer than they were in 2011. He also mentioned that the research is biased, as there is no mention that the patch cycles have improved from last year. Technical gossip is fun, because the consumer never knows the truth, so let us just hope that the vulnerabilities follow a downward curve in the coming time.