back to article Android at 10: How Google won the smartphone wars

It was an anniversary that prompted much reflection. The Platform had completely triumphed and was now ubiquitous, relied on by people all over the world. You could find the Platform in almost every conceivable kind of device, from cars to TVs. Although Apple had once been the pioneer, it now had to settle for life in the …

Page:

  1. Anonymous Coward
    Anonymous Coward

    The Dystopian Future Today

    "For Windows 2003 to become Android 2017, merely add the obvious: Android is far bigger and far more invasive than a PC could ever be. Google's dominance over our personal lives is far greater than Microsoft's ever was. The clunky laptop in the corner did not track your every movement or read your emails. It didn't try to be "smart" – or at least if it did, the derision ensured it did not try for long."

    .....Makes for depressing reading... Puzzled how you sound so cheery?

    "staying on top might prove much harder for Google... explore in part two."

    .....Please tell us the 'data-monster' dies by choking on its own vomit?

    1. Anonymous Coward
      Anonymous Coward

      'tell us the 'data-monster' dies'

      It'd be great to imagine Fake-News killing off Google & Facebook. But that only happens in novels. Fake-clicks didn't kill them. Slurp revelations didn't even wound them. What will it take?

      1. Anonymous Coward
        Anonymous Coward

        Re: 'tell us the 'data-monster' dies'

        It'd be great to imagine Fake-News killing off Google & Facebook.....What will it take?

        "It's just that Google was in the game, at a time when others didn't realise what the game was."

        I'm a long- experienced business strategist by trade and in this quote Mr Orlowski nails EXACTLY how companies win in formative and evolving markets, not just tech, any evolving market. Not by being clever, just by being quick, organised and willing to take well judged commercial risks. But this is also how Google & FB will eventually lose, just as Microsoft lost the phone war, the tablet war, and many other wars.

        Dominant players get complacent, nothing new ever matches up to the scale and glory of their core business, it never gets the resources, energy, effort. And, in a dominant business, even for new products nobody ever has the hunger of the new kids, who live or die by their efforts. New ventures need multiple approvals from middle and senior managers who are incumbents, and see no value in attaching their name to possible failure. Look at how the old Motorola (pre-Google) struggled and failed to innovate, and the original V3 had to be developed in secret to stop it being crushed by the bureaucracy. Nowadays, these big companies promote ideas like "fail fast" and internal incubators - yet those all fail because they're still part of that dominant player, who no longer needs to, or can, innovate. Google trial lots of new things, yet look how they failed so spectacularly in social media, precisely because they didn't realise what the game was until it was over.

        Sometimes companies win, and then lose, because surviving and growing is a different to winning the market in the first place. Friends Reunited, for example, or perhaps even AOL. Look at how Tesla have won the premium EV market, whilst the motor industry sat on its arse, most not knowing what the game was, or thinking that it hadn't yet started. In that case, although Tesla have already won, there's further separate battles that I think they will lose - that they won't scale the business successfully, or be able to capitalise and build on their current winning position. But Tesla will probably live on in name, and will be fondly remembered as the company who defined the EV as a desirable, attractive car with great performance, decent range, and widespread charging support.

        Almost by definition, big companies lose because, like an elderly jaywalker, they simply don't see the fast car that wipes them out. So it will be with Google, Facebook. They won't go quickly or quietly, but they won't have anywhere to go as something most people won't see until it's done makes their core platform a lower value, low growth operation.

        1. Khaptain Silver badge

          Re: 'tell us the 'data-monster' dies'

          "Almost by definition, big companies lose "

          What's really worrying here though is what they will be replaced by, in general they will be overtaken by someone even more evil....

        2. fuzzie

          Re: 'tell us the 'data-monster' dies'

          What would make their demise interesting would be how people will get years of stuff they've uploaded back out of the platforms, or maybe, like MySpace and Orkut, they'll just hang around like dusty old attics.

          1. Anonymous Coward
            Anonymous Coward

            Re: 'tell us the 'data-monster' dies'

            What would make their demise interesting would be how people will get years of stuff they've uploaded back out of the platforms, or maybe, like MySpace and Orkut, they'll just hang around like dusty old attics.

            Well, in a catastrophic event, like a bankruptcy, the bills don't get paid, the servers get turned off, and then all the assets get sold. Chances of seeing your data again from those servers = nil. But that's unlikely, and I'd guess that these giants will fade away, there would be plenty of chance to get your data out, and advanced warning of a controlled cessation of services. Ignore the warnings, though, and your data goes.

            A related question, is what happens to your cloudy data if another corporation buys the fading business and therefore has access to all the unencrypted data within it. Ignoring any theoretical rights, what PRACTICAL rights will users have regarding their data and privacy? The data is probably already held outside the EU, the original agreements with the service provider may or may not carry over, there may be no opportunity for redress through any fair legal system or arbitration route. The buyer could well be

            intending to ream out every cent of value by abusing the data for all it is worth. Potentially, the buyer could be a non-investor owned corporation with very low transparency, possibly allied to (eg) the Chinese government, and their behaviour might make people think Google had behaved like a saint....

        3. jacksmith21006

          Re: 'tell us the 'data-monster' dies'

          Do not agree. The future is AI and Google is well ahead of the others where the puck is going. MS keeps skating where the puck was already at.

          1. Loud Speaker

            Re: 'tell us the 'data-monster' dies'

            The future is AI<P>

            The future was AI in 1947, and still will be in 2047.<p>

            To paraphrase the Goons: "Artificial Intelligence? We need the real thing!"

        4. a_yank_lurker Silver badge

          Re: 'tell us the 'data-monster' dies'

          @AC - About big companies - Successful big companies have a leadership that plays to win. They understand their strengths and weaknesses. What happens in many is the leadership plays not to lose.

          1. Anonymous Coward
            Anonymous Coward

            Re: 'tell us the 'data-monster' dies'

            Successful big companies have a leadership that plays to win. They understand their strengths and weaknesses.

            As the relevant AC, I'd like to say that I've got a lot of experience of different companies, and in almost all companies, when they stop to think about it, they do have a good idea of what they are good and bad at. But the incumbent mindset is unable to adjust to the analysis they undertake. Take UK energy suppliers - awful customer service, slow to react, pathologically process focused, competition-fearing, low innovation, risk averse. I've worked with the directors of one of these companies, they know all this, but they simply have a mental block about the fairly radical steps needed to overcome them. There's change initiative after change initiative - but nothing really changes. There's board away days with world famous gurus, every £1,000 a day consultant they can find, but they can't see that they are the problem, and that their behaviour is the shadow that all the middle and senior managers emulate.

            One other thought, in the longer view perspective, there's very, very few companies that survive and are continuously successful. Many are successful for a few years, or even decades, but what do you now hear of the East India Company, for example? They were so successful that at one point they ruled a quarter of the world. Even within the past hundred years, this pattern is repeated. A tiny number of businesses prolong this period by reinventing their business model, but that's in effect becoming a portfolio investor rather than running a company - GE are a good example of that.

            So, understanding SWOT is easy, but getting the directors of a successful company to back change is very, very difficult. How obvious was it to us that Uber was in trouble and needed radical top down change? Yet Travis the man couldn't see the need, or more likely he couldn't see how. Google et al don't see that tax dodging, and obsessive lobbying already are liabilities - by the time they do, they won't know how to stop. In the longer term, I don't believe there are any successful companies - they come they go, some thrive, then fade. None live forever, but unlike animals they can't live on through reproduction. And M&A merely moves corporate assets around, it doesn't enable the corporations to live on.

            1. a_yank_lurker Silver badge

              Re: 'tell us the 'data-monster' dies'

              @AC - I do not think we really disagree overall. The problem of a company is that it is hard to continuously find aggressive leaders who will play to win. Somewhere around the third or fourth CEO companies often pick] an excessively cautious CEO whose mindset is not to win but not to lose. If the board does not quickly realize this the excessive caution gets ingrained in the organization and they develop a pathological aversion to risk over time. The aversion to risk allows a competitor to grab profitable markets before the lumbering dinosaur is even aware of them.

              An example is Slurp. Gates was a driven leader who made Slurp a dominant software slinger. Ballmer tried to continue this in his tenure; the Nokia purchase is sign he was willing to take big risks. Nadella seems to be trying 'safe' bets such as SaaS and the cloud. He failed to understand Ballmer's Nokia purchase as an attempt to secure a future for Slurp on mobile devices. Nadella's strategy seems to be a 'me too' vendor in SaaS and cloud. The problem is for both is that SaaS and cloud are largely DOA in consumer space; very few consumers are thrilled at constantly paying subscriptions for something they use irregularly. So Slurp is now competing more directly with entrenched vendors in both who will fiercely fight any Slurp incursion. They are also largely fighting over the same customer base. Other than Office, Slurp's SaaS and cloud options are not sufficiently different to warrant being the automatic first choice vendor.

            2. Nonymous Crowd Nerd

              Re: 'they come, they go... '

              "... they come they go, some thrive, then fade. None live forever..."

              Really excellent points here. But we should not be complacent. I think there is something to be concerned about. Yes, the East India Company was huge - so were Standard Oil and Bell Telephones - and yes, all these declined. But they weren't truly multinational ("globalised") in the way that Google and Facebook et al are today. The US was able act to split Bell into baby Bells. But the same trick in today's circumstances is starting to look unlikely.

              While the issues of undue political influence and the erosion of the corporate tax base are widely acknowledged, western powers are looking disturbingly impotent, constantly divided and distracted and beset by lobbying. Nothing is being done to counter the threat. Nothing really viable seems even to be in the pipeline. Very soon it might be to late. Perhaps it already is.

        5. G R Goslin

          Re: 'tell us the 'data-monster' dies'

          It rather reminds me of the National Cash Register (NCR) company, who sat complacently on their mechanical design and manufacture, as the digital age steamrollered them flat.

          1. Anonymous Coward
            Anonymous Coward

            Re: 'tell us the 'data-monster' dies'

            It rather reminds me of the National Cash Register (NCR) company, who sat complacently on their mechanical design and manufacture, as the digital age steamrollered them flat.

            I believe NCR were doing a more than adequate job on the move to digital, up until AT&T bought them and crushed them to death? They were one of the five last mainframe makers, they had a successful line in EPOS, they were the leader in ATMs. I suppose it may have been the same outcome if AT&T hadn't bought them, but we'll never know that.

        6. John Smith 19 Gold badge
          Gimp

          " just about good enough, and its parent was prepared to cross subsidise it hugely."

          That's exactly how Windows was developed and how Microsoft won on the desktop.

          Expect the same "We are not a monopoly, other options exist" BS from Google ad infinitum.

          And yes, all your data belong to us.

          "Do no evil." Who are they f**king kidding.

        7. Jim Birch

          Re: 'tell us the 'data-monster' dies'

          There are plenty of incumbents who have been around for many decades and haven't blown it and are making plenty of money. The collapse of incumbents is a juicy narrative, not a universal truth. It depends. Nothing lasts forever but there are many things around us that have apparently lasted for a lasted for a long time.

      2. Bunty

        Re: Where is the anti virus to kill the Google virus? Bring it on!!

        Google must die! Google deleted all of my photos on Picasa when I left YouTube. Recently it deleted all of my contacts and phone numbers on my mobile and much more! Grrrrrr!. As I see it, Google is in the top category of virus, it removes or alters programs on your computer! It installs it's own programs on your computer or phone and makes changes. Under another name there would be anti virus programs to get rid of it - bring them on!

  2. Anonymous Coward
    Anonymous Coward

    Horsecrap

    "and every word above that describes Windows in 2003 also applies to Android today."

    Android isn't insecure, it's very secure. This doesn't fit very well with the clickbaiters and anti-virus industry desperate to cash in, but it's the truth.

    Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault).

    Android has had proper application sandboxing from the outset, it's had a very good permissions based system, it's had a application store locked down by default. Windows had NONE of these things.

    With more active Android devices that Windows, you would thin malware would be widespread, however pretty much every story in the media is purely hypothetical, here in the real world, nobody ever sees real world problems.

    Whilst Windows has been the malware cesspool since the beginning of the Internet, and continues to be, even in Windows 10, whilst Android security problems are pretty much non existent..

    1. Anonymous Coward
      Anonymous Coward

      "BankBot Android malware sneaks into the Google Play Store - for the third time"

      Just the latest news...

      http://www.zdnet.com/article/bankbot-android-malware-sneaks-into-the-google-play-store-for-the-third-time/

      Smartphone malware is designed in different ways than desktop one.... take away your pink Google glasses, in the real world people run into troubles with Android.

      But of course they are "fake news", aren't they?

      1. Anonymous Coward
        Anonymous Coward

        Re: "BankBot Android malware sneaks into the Google Play Store - for the third time"

        But of course they are "fake news", aren't they?

        The OP was extreme in their position, but surely still has a valid point that the prevalence of actively exploited security problems on the Android platform does seem to be far behind the endless problems associated with Windows?

        1. Anonymous Coward
          Anonymous Coward

          "endless problems associated with Windows?endless problems associated with Windows?"

          Are you comparing oranges with apples? A desktop operating system has inevitably a far larger attack surface than a mobile OS, for the very reason it is much more versatile. Very few will accept the limitations mobe apps have on a desktop.

          Desktops don't get replaced every two years like a mobe, and many of them run more critical software than any mobe.

          There are also good chances your find more valuable data on a desktop (or server), and they are more useful as members of a botnet.

          Windows adds to that a legacy of old protocols and applications which is really time to kill once for ever, but there are also too many systems that may be crippled by that. iOS could kill all 32 bit applications at once, Windows can't do that.

          What do you prefer? Your local hospital crippled by a malware, or by a Windows update that causes any old application to stop working?

          And would you really like a Windows where you can't install applications but from its Store, which is something MS is trying to achieve? Or applications sandboxed in ways that make exchanging files and data a nightmare?

          1. jacksmith21006

            Re: "endless problems associated with Windows?endless problems associated with Windows?"

            How does a desktop OS have a larger attack surface? It is the exact opposite in every dimension. There is far more mobile software. Mobile OSs are doing far more things than desktop. Mobile phones are mobile so they are exposed to far more physical areas. There is a lot more mobile phones. Mobile phones are changing a lot faster than desktop. Mobile phones interface with a lot more things than desktop.

            1. Anonymous Coward
              Anonymous Coward

              "How does a desktop OS have a larger attack surface?"

              1) It does support many more network protocols than a mobe, and related services/deamons

              2) It has far more and more complex APIs

              3) It runs a broader variety of and far more complex applications (just loot at how an Apache Struts vuln can create havoc...)

              4) Applications can interact in many more ways

              5) Unlike most mobes they can receive network connections initiated from other machines (and usually mobes are behind the mobile company NAT system, which shields them from direct attacks)

              6) User perform more complex operations, involving more complex documents and data (which may be used as attack vectors)

              7) As already said, they need to support a lot of old, legacy applications.

              8) Unlike a mobe, there are far more concurrent services and applications running

              9) The amount of RAM, CPU cycles, and disk space makes far easier to hide malicious code.

              10) It does support a far broader range of devices, and thereby needs their drivers

              If you believe your mobe OS is alile a desktop OS, ask youself why Google don't run everything on Android...

              1. bombastic bob Silver badge
                Linux

                Re: "How does a desktop OS have a larger attack surface?"

                a) if it's windows, it listens on a bunch of predictable ports, on EVERY IP ADDRESS (including IPv6)

                b) if it's windows, it always listens on port 139 and 445, whether or not network sharing is enabled [last I checked, anyway]

                c) if it's windows, there are a number of "magic services" running that always listen for traffic on the same ports, so that an UNFIREWALLED system is potentially vulnerable to a number of potential cracks

                If it's NOT windows, none of this applies, unless it was configured by an _IDIOT_.

          2. Anonymous Coward
            Anonymous Coward

            Re: "endless problems associated with Windows?endless problems associated with Windows?"

            Hmm, Les get it on ACDC is playing in the back ground.

            Windows a bigger attack area than Android. Attack area depends a lot on area open to attack. Android has been like a siv and even the play protect thing hasn't proven too effective.

            If you are following proper procedure than your desktop machine should be off unwakable stone dead when not using it. The network should be physically disconnected when not using it. You should maintain separate non connected work machines with no wired or wireless connectivity (including microphones and any speaker or ir or remote device access), and figure a way to copy files to limited sized media to move data accross, to do updates (yes, not so easy).

            Now, your mobile, has access to a wealth of health biometrics, business communications, personal communications for anybody to make a case against you (bad, but in certain countries desdly). Your cloud data, and your computer's cloud data are all accessible through the mobile vector. Bank and card details. Identity theft details, you can be up fur 18 months of nightmare trying to prove you are who you are and correcting the issue (has happened here) while your accounts have been drained. Yes Mobile is an Achilles heal. Some people commit suicide over the sorts of things that they may store on their phone, even murdur. Now these data and communications are becoming more prevalent and visible because of mobiles, can you imagine if hacks flooded the internet with them?

            Mobile is a major OS just like desktop OD, and we shouldn't expect less security from them just because it fits in your pocket allwsys connected (even if data seems off) where it is more vulnerable to interception and loss. Can you imagine if outside countries figure out they can compromise people, and produce political/instability from the data of normal people, through blackmail, and desirable interactions, along with criminal enterprises. Already they have been experimenting on the larger level, but what they need is compromised assets on the ground. So, pretending to be criminals, they can black mail people into dubious acts, that eventually look criminal, but really are sabotage. Welcome to the slack IT and mobile future the industry has bought us (yes bought as well as brought). Thanks.

        2. DougS Silver badge

          @Ledswinger - prevalence of actively exploited ... on Android v Windows

          People - including/especially bad guys - go where the money is. At first malware was just to mess with people, the only thing the author got out of it was notoriety. Malware 2.0 came when building armies of bots for spamming became something you could make money with, so malware become monetized. As botnet armies are becoming less profitable for spamming we're starting malware 3.0 now - monetizing via ransomware.

          Phones were never useful for spam botnets, so they were irrelevant to malware 2.0. Having a backup of your phone is (ironically) a lot easier for people than a backup of your PC, so malware 3.0 isn't likely to be a factor on phones either.

          There are plenty of exploits found every month on phones, but in order to develop specific mass attacks, there has to be some monetary reward waiting. Otherwise the bad guys are going to continue putting their efforts towards PCs instead of phones, since they know there's a payoff waiting on PCs but not really on phones.

          The reason people are willing to pay big bucks on the black market for a 0 day on Android (and even bigger bucks on iOS) is not because they want to use it to hack a million phones. They want to use it to hack a few specifically targeted phones. If they can attack the phone and turn it into a tracker or maybe even a listening device, they can make a lot of money with the right target. Let's say they could listen in on some sensitive meeting - they could find out about a merger before it happens and make millions in the stock market. But what would be the point of listening to a million phones, what could you do with that? Nothing, because it would take forever to find the one or two conversations that you could monetize.

          1. Rainer

            Re: @Ledswinger - prevalence of actively exploited ... on Android v Windows

            > But what would be the point of listening to a million phones, what could you do with that?

            > Nothing, because it would take forever to find the one or two conversations that you could monetize.

            I think, the changing AI-landscape might force you to re-evaluate that position.

            Just because you and I can't come up with a way to profit from that in five minutes doesn't mean somebody else (with more criminal energy) can't come up with one next month either.

      2. Anonymous Coward
        Anonymous Coward

        Re: "BankBot Android malware sneaks into the Google Play Store - for the third time"

        They don't actually take about how many people actually got affected by this, or what permissions the app asked for.

        I know the answer, sod all real end users, a handful of security "experts" and the permissions are extreme to say the least, including needing to grant access to text messages and draw overlays on the screen.

        You would have to be a total cretin, or a security "researcher",(essentially the same thing) to fall for this.

        How many numpties stupid enough to fall for this even know what a crypto currency is????

        Quite clearly if you believe this story, then you too are buying i to the mountains of horseshit news that ZDNet and the others are desperate to push in an era of trying to generate revenue from anywhere.....

        Is it fake news, yes of course, there are small elements of the story that are true to attempt to add some credibility, but sod all in the way of any factual data to back up the claims

    2. MyffyW Silver badge

      Re: Horsecrap

      Forgive my ignorance - does "1st party" here refer to the rather small number of android handsets from Google themselves?

      If so does that make Samsung a 2nd party, or a 3rd?

      Genuinely curious...

      1. Spanners Silver badge
        Pirate

        Re: Horsecrap - MyffyW

        Bought from Google - 1st party

        Bought direct from Phone manufacturer or Carphone Warehouse etc unlocked - 2nd party

        Bought subsidised from phone company - 3rd party

        1. Anonymous Coward
          Anonymous Coward

          Re: Horsecrap - MyffyW

          Sorta

          1st party = Nexus or Google Pixel

          2nd party = Samsung, LG, Huawei, etc devices on an OTA upgrade path from the OEM

          3rd party = a customised version of 2 sold to you by a carrier, with special uninstallable carrier apps skins bootup logos etc.

          The patches trickle down from 1 (Google) to 2 (OEMs) to 3 (Carriers), with a large drop-off rate along the way.

          1. jelabarre59 Silver badge

            Re: Horsecrap - MyffyW

            1st party = Nexus or Google Pixel

            2nd party = Samsung, LG, Huawei, etc devices on an OTA upgrade path from the OEM

            3rd party = a customised version of 2 sold to you by a carrier, with special uninstallable carrier apps skins bootup logos etc.

            Sorry, but I'd place the Google/Nexus devices in "2nd party" as well, considering their inability to keep up on updates as well.

            The only thing that would qualify as "1st party" would be anything that can be readily flashed with the latest LineageOS build. If you can't fully control the device, you don't really "own" it, regardless of how much you paid for it.

        2. dajames Silver badge

          Re: Horsecrap - MyffyW

          Bought from Google - 1st party

          Bought direct from Phone manufacturer or Carphone Warehouse etc unlocked - 2nd party

          Bought subsidised from phone company - 3rd party

          No, I think you're missing the point.

          Google-branded phone with unmodified Google Android - 1st party.

          OEM-branded phone with the OEM's own customization and skinning - 2nd party.

          OEM-branded phone bought subsidized from airtime provider with customization by OEM and by airco - 3rd party.

          What's relevant is the number of customizations that would have to be re-applied to an Android update in order to upgrade the device. The closer to Google your device was sourced the more likely it is to see an upgrade.

      2. Anonymous Coward
        Anonymous Coward

        Re: Horsecrap

        Yep, of course. If you buy a network agnostic Samsung you are 2nd party and rely on how long it takes Samsung to pull their finger out, if you buy a network locked Samsung phone you are a 3rd party customer at the mercy of your network too.

        Its not rocket science,but clearly too many cretins can't work it out, and want to pay 3rd party prices for a flashy phone at rock bottom monthly rates powered by network subsidies, and expect 1st party support that you get only from Apple or Google.

        1. Loud Speaker

          Re: Horsecrap

          But any reasonable European would expect that, on pain of prison sentence for the company directors, the device would receive security upgrades as long as it remains operational - or at least 7 years - because the malware is a threat to others, not just the owner, and the owner is most certainly not a security expert.

          However, the EU has dropped the ball on this one. We need to leave the EU, so Boris can go after the Phone manufacturers for us (with a soft pillow)!

    3. RyokuMas Silver badge
      Boffin

      Re: Horsecrap

      "Android security problems are pretty much non existent.."

      In 2003, the vast majority of applications installed (legitimately) on a Windows PC were still installed from physical media. The "internet" was still a relatively new territory, and Microsoft - in their usual style - were completely wrong-footed when it came to the challenges that this might bring, namely the ability to piggy-back viruses and other nasties onto the back of emails, attachments etc that could then propagate themselves across networks and via email by plundering address books.

      Fast-forward to 2017, and the benefit of over a decade of experience. Android was built with a connected world in mind, and as a result is fundamentally more secure to the attack vectors that plagued early 2000s Windows PCs. However, if you want to install any software on Android, your options are either to get it from the Play store, or turn on sideloading capabilities and download it from another source. This latter option is considered risky, to the point where the argument has been posed to remove the ability. And the former option? Well,

      I'll just leave this here...

      In short, the attack targets have moved on in accordance with direction technology has taken, based on profit and easy of access - and considering that it costs a mere $25 to submit as many apps as you want to the store of the highest-market-share mobile OS, coupled with said store's front-line policing being purely algorithmic, it is not surprising that, to quote, "It's 2017 and you can still pwn Android gear with [insert attack vector here]".

      Security is, and always will be, a consistent predator-prey type chase - and anyone who claims that a system's security problems "are pretty much non existent" is either using something that is completely disconnected from everything, or has drunk the cool-aid of their vendor of choice.

      1. jelabarre59 Silver badge

        Re: Horsecrap

        However, if you want to install any software on Android, your options are either to get it from the Play store, or turn on sideloading capabilities and download it from another source. This latter option is considered risky, to the point where the argument has been posed to remove the ability.

        Seems to me the insistence on locking out the very people who *bought and paid for* their devices is wrongheaded in so many ways. You need a security patch the vendor hasn't provided? Tough luck sucker, cough up money for a new one and toss your old one in the toxic landfill. You want to secure your device further than the vendor's (or even Google's) failed attempts at it (such as parental controls for a child's device)? Too bad, you are forbidden the very root access you would need in order to do a proper low-level configuration.

        Heck, even on your most cluttered crapware-infested and insecure MSWin preload, you could at least wipe the system and do a clean, stripped-down install of an OS (excluding those abominations with locked-out "secure boot"). Android forbids that *by design*. Properly done, an Android system would have it's OS on a removable flash-storage that could be pulled, reformatted or replaced (much as you could pull and replace a HDD in a PC now). But we aren't "customers" to the Android vendors; we're just sheep to be fleeced.

    4. MacroRodent Silver badge
      Windows

      Re: Horsecrap

      A better comparison would be Windows Phone, which was kept well updated, and as far as I know did not suffer from malware. WP 8.1 was possibly the best OS Microsoft ever made. Too bad Microsoft broke everything that was good about it in the phone version of Windows 10: after having now used it for a couple of months, I can say they lost the phone wars deservedly...

    5. Dan 55 Silver badge
      FAIL

      Re: Horsecrap

      Android isn't insecure, it's very secure. This doesn't fit very well with the clickbaiters and anti-virus industry desperate to cash in, but it's the truth.

      Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault).

      If Windows could only be updated on Surface, and OEMs took their own sweet time before sending out their own versions of those updates, and those OEM machines sold by shops who offered computers on credit held things up too by having to update their own bloatware as well before giving the go-ahead, nobody would be dare be silly enough to call Windows a secure OS. But that's what you're doing here.

      1. Joe Montana

        Re: Horsecrap

        The OEMs (and network operators) and their customisations are the problem, and the same thing does happen with windows but to a much smaller extent... Various vendors (eg of ATMs or POS systems) provide preinstalled versions of windows which you aren't supposed to update using the standard updates, if you do so the device becomes unsupported by the vendor and it may well break their custom software.

        I had similar problems with symbian phones, where operators would provide their own hacked versions with features broken or disabled etc, and often very unstable... Usually you could wipe them and install the stock nokia firmware which i'd done on several occasions.

        1. DougS Silver badge

          Re: Horsecrap

          All those security holes Google issues patches for every month are for Android, not for OEM or network operator customizations so you can hardly pin the blame on them. Whatever security holes they create may be unknown to the user since there would be fewer people looking for them versus generic Android bugs that would apply to all phones. If/when OEM customization bugs are fixed the OEM may never tell you that "fix for Touchwiz security hole X" was included in the Android patch that was installed. Which Android OEMs publish CVEs for their own layers (i.e. Touchwiz or whatever) or bundled apps? I'd be surprised to discover many do, they'd rather hide the problem.

          I don't think the OEMs have much incentive to look for bugs themselves in the way Google and Apple do, because they don't want end users to know that they may be adding insecurities on top of the ones Google is giving them. If OEMs don't list their fixes - or worse don't bother to even do fixes unless an outsider finds a bug and makes it / threatens to make it public - they can preserve an illusion that OEM or network operator customizations don't add any holes...

          1. Anonymous Coward
            Anonymous Coward

            Re: Horsecrap

            You known also have monthly patches too, but the luxury of closed source means they can silently fix them and. It have to declare them publicly. Because android is opensource, it's all in the open for everyone to see, no hidden behind closed doors shenanigans. This is handy monthly clickbait for el-reg and others, so everyone is happy.

            1. Dan 55 Silver badge

              Re: Horsecrap

              Play Services is not open source and is where the bulk of new Android* features are added.

              * Well, closed-source Google Android features.

          2. Anonymous Coward
            Anonymous Coward

            Re: Horsecrap

            "All those security holes Google issues patches for every month are for Android"

            Semi-true: For the latest version of Android.

            If and when you are using the previous version, you don't get anything, ever. That means that anything older than an year or two isn't updated at all.

            That's even worse job than MS is doing, by far.

    6. Cosmo

      Re: Horsecrap

      "Android gets monthly patches, delivered in a timely manner to 1st party devices, (if you were stupid enough to buy 2nd party, or even 3rd paty device, that is not Google, nor Android's fault)."

      I have a Nexus 4 phone and a Nexus 7 tablet kicking around at home somewhere. They are both 1st party devices. Where are their monthly patches?

      1. Anonymous Coward
        Anonymous Coward

        Re: Horsecrap

        LineageOS. Both those devices are now over 5 years old. Thank yourself lucky you didn't buy apple, they would have dumped you well before the 5 year mark, and an dumped apple device doesn't get ANY system updates.

        Your 5year old nexus devices however will have been updated to run the latest web browser and WebKit library for other apps to use) the latest email and gmail apps, and every other store updatable system app too, google would have squirted down the latest SSL libraries via Google play services too and would have sent you play protect (on device scanning for malicious apps).

        So yes, you got a hell of a lot more than a apple user would above got, your updates were delivered seamlessly without you noticing or needing a full OS update to get them.

        Are you missing out on kernel fixes, yes, but it's unreasonable to expect them on a device that cost less than £250 5 years ago.

        1. Cosmo

          Re: Horsecrap

          Are you missing out on kernel fixes, yes, but it's unreasonable to expect them on a device that cost less than £250 5 years ago.

          And this is exactly the problem. If I had bought a less than £250 Windows PC 5 years ago, I would still be getting kernel updates.

          1. naive

            Re: Horsecrap

            > And this is exactly the problem. If I had bought a less than £250 Windows PC 5 years ago, I would still be getting kernel updates.

            That is not a virtue of Windows, but a result from the differing supply models. MS sells the OS, dictates hardware specification to the OEM, and sends updates.

            Google makes Android available for free, instead of the $ 100,- MS charges, the OEM adapts it to match its hardware, and therefore becomes responsible for updates.

            Given the amount of freedom and flexibility, Android doesn't do badly, even the North-Korea inspired supply model of Apple has had its security issues.

      2. fishman

        Re: Horsecrap

        "I have a Nexus 4 phone and a Nexus 7 tablet kicking around at home somewhere. They are both 1st party devices. Where are their monthly patches?"

        While Apple does a much better job than Google on updates/patches, old iphones can be unsupported - try putting IOS11 on a Iphone 5.

        1. Anonymous Coward
          Anonymous Coward

          Re: Horsecrap

          I think google does a much better job than Apple personally. On 1st party devices, Google support in on par with apple, but android has a much better architecture for delivering updates. Apple need OS flash to fix a keyboard bug, Google deliver the system app via the play store, no OS update needed.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019