Android Zombies

Android Founder: Install Base Fragmentation No Big Deal

Android owners who were hoping that Google might be on the cusp of cleaning up its balkanized install base won’t be cheered by the latest word from on high: Android co-founder and Google Ventures Partner Rich Miner thinks it’s no big deal.

Android Ecosystem Fragmentation
The latest version of Android – dubbed “Jelly Bean” – has the biggest share of the OS pie. But outdated versions still run on 60% of all devices. (Image courtesy of Google.)

Speaking on Tuesday at an event in Boston, Miner said that fragmentation of the install base was inevitable, given the number and variety of Android devices that are being adopted, according to a report by statement comes as Google is dealing with the fallout from a newly disclosed vulnerability affecting almost all Android platforms that could allow attackers to fool Android into installing and running compromised applications.  

Miner was speaking at a Mobile Summit forum hosted by the Massachusetts Technology Leadership Council. He made his statements while being interviewed by renowned technology journalist and columnist Scott Kirsner (@ScottKirsner) of the Boston Globe on the (evergreen) topic “What’s Next.”

Asked about the problem of install base fragmentation, Miner said there were 1.5 million new Android devices activated every day and 900 million devices in circulation – a massive population that can’t help but become fragmented over time. While “techies” might obsess about what percentage of Android devices are running the latest version of the operating system, most users don’t notice and don’t care.

“Us techies read the blogs and know what features we may be missing,” Miner said. “I think if you asked a consumer, `Do you feel like your phone OS needs to be updated today?’ they’re pretty happy with the results and the performance they’re seeing. So I’m not sure it’s a major issue,” he’s quoted as saying.

As we’ve reported, adoption of operating system updates from Google has been notoriously slow. As of March, just over 16% of Android users running Versions 4.1 or 4.2 –  the latest versions of the OS, dubbed “Jelly Bean” more than six months after its release, while 44% of Android users are still running the “Gingerbread” release – Versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities. The data has improved a bit. Google’s latest numbers – up through July 8 –  show around 38% of Android devices now run Jelly Bean, though its unclear what share of those devices are newly activated, and what percent have been upgraded from earlier versions of the OS. Indeed, reports from vendors like HTC suggest that many handset makers are loath to pass along OS updates to customers, even when the device in question is almost new.

Asked about the inevitable security issues that arise from having so many devices running vulnerable versions of an operating system, Minor pointed to Google’s handling of the recently disclosed vulnerability – which concerned the method Android uses to validate signed application (or APK) files – as proof that Google “has become more nimble in working with Android handset makers,” reported. 

But the APK issue seems to raise as many questions as it answers. Among them: why so many Android users still haven’t obtained a patch for the hole three months after Google made one available to its OEM (original equipment manufacturer) partners. While HTC and Samsung are known to have issued patches for some of their Android devices, Google did not respond to a request for information about how many handset makers and carriers had passed the fix along to consumers.

With a proof of concept code to exploit that hole now available online, it’s safe to assume that Google may be facing more pressure from customers (as well as the media) to make sure more of its Android users have been patched.

Comments are closed.