Android Security: Google Dumps 60% of User Base

Here is the bottom line people — Google is throwing hundreds of millions of Android 4.3 (Jelly Bean) and earlier users under the bus. Why? I’m guessing it’s a purely cynical move designed to force Samsung, LG, Motorola et al to license and pay Google for Android security updates.

Google is pushing (blackmailing?) its OEM partners to go with pure Android, not the free open-source-(ish) version the vast, overwhelming majority of users actually have. In order to push OEMs, Google is throwing hundreds of millions of users under the bus.

Are you an Android user? Love Android? Needless to say, neither Google nor Android love you.

To whit, Google has announced that it will no longer update Android Browser for people running Android 4.3 and earlier versions of the mobile operating system. Google’s unapologetic move to effectively end Android security updates for the majority of its users is critical for three reasons.

First, Android Browser is how an Android-powered smartphone or tablet communicates with the world. If a hackers wants to remotely attack Android, it’s overwhelmingly likely Android Browser will be attack vector.

Second, Android 4.3 (Jelly Bean) and earlier versions of the operating system represent more than 60 percent of the Android installed base — think hundreds of millions of users spread across thousands of unique devices and scores of languages.

Thirdly, Google is telling those hundreds of millions of users to contact the device manufacturers and/or wireless carrier partners about Android security updates going forward. One imagines the Android End User License Agreement leaves users swinging in the breeze. Similarly, OEM partners likely have no recourse either.

Android Security: Existential Angst


All of those devices and localizations make extremely unlikely manufacturers or their local wireless carrier partners can afford to create Android security patches for v4.3 and earlier users — the economics are really, really tough.

Nevertheless, as ExtremeTech puts it, this move is highly, highly reminiscent late ’90s Microsoft dirty tactics:

What Google is doing, in essence, is telling its user community “Sorry, you have to tell Samsung, LG, and Motorola to provide you with an updated version of our operating system.” This is hilariously impossible … It’s a trick worthy of Microsoft in the Bad Old Days, and it’s particularly funny to see the company doing this, given that it threw Microsoft under the bus in December [and again recently when it published the full details of a security flaw two days before Redmond patched it, on the grounds that the desktop and laptop OS company wasn’t moving fast enough.

From an iPhone user’s perspective, this is laughable if not outright hilarious.

That said, if I were Microsoft, I’m pretty sure I’d find, publicize as many Android security issues, zero day and otherwise, as I possibly could. If Google wants a war, why not give them a war…

What’s your take?