3aIT Blog

Google have recently announced that the new version of Android will continue their confectionery product names and will be referred to as "Marshmallow". This release features new power management tools, fingerprint recognition, and an improved permissions system. It is expected to be released in September.

However, herein lies the rub. Despite the fact that the vast majority of mobile devices run Android, only a tiny percentage of these will ever see this update. While Google's own range of "Nexus" devices are usually updated very soon after the release of a new version, when you start to look at the multitude of other companies that use Android on their devices, things get a lot more hazy.

Currently, when you buy a new phone, many manufacturers will guarantee that you will get the next update and maybe the one after that (although even then, there's often a significant delay between the release of the update by Google and the manufacturers preparing this update for release on their devices). However, this couple of updates usually only takes you a few months down the road. After that, support often becomes a lot more patchy. Depending on the company, you may receive more updates after this. It's rare to find a device still receiving updates after a couple of years though.

The reason for this is obvious. The manufacturers don't want to spend the time updating last year's model. They'd much rather you chucked that device and bought a new one. Therefore, they use these updates as both the carrot and the stick to get you to constantly churn through new phones.

Now, if these updates were just about new features, this would be acceptable. As long as your phone does everything that the marketing spiel said it did when you bought it, then there would only be limited cause to complain about not receiving extra features at some point down the line. However, this is not the big problem here.

The underlying problem was demonstrated perfectly at the end of last month. When the widely reported "Stagefright" bug was announced, Google was very quick to release a patch that would stop attackers being able to exploit this bug. However, that isn't much use to the millions and millions of users that are entirely reliant on their manufacturer sending this update to them. The vast majority of these users will never see this fix, and therefore their devices will permanently be at risk of this very serious compromise until the day they stop using them.

So, how do you fix this problem? Google will say that they're making all these updates available to every manufacturer, and it's their responsibility to keep their devices up to date. The manufacturers will say that they can't possibly be expected to continue providing updates to their devices indefinitely.

One way to solve the problem would be to do as Apple do and completely close off use of the operating system to anyone but themselves. That way Google could ensure that their devices are always kept up to date and that the Android brand isn't tarnished by 3rd parties providing inadequate support.

However, this is probably not the best approach here, and indeed the relative openness of Android is one of its selling points. There needs to be some middle ground whereby the terms of the Android licence insist that the manufacturers have to keep their devices up to date for a minimum term, and that those updates are provided within a certain period of being released. That way, customers can buy a new device with confidence, and not have to worry that their expensive new purchase is going to be a massive security risk before they've even managed to light a fire to roast their marshmallows on.