Sources: ACLU [complaint], AP
quote: "While it's well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem,"
quote: How can that be? How does the more secure operating system end up being the target of the lion’s share of attacks and malware? Symantec merely notes that most mobile attacks don’t rely on operating system vulnerabilities, therefore there’s no necessary correlation between attacks and exploitable security vulnerabilities.
quote: The problem for the company is that the company made a (bad) decision years ago to cede control over Android to its business partners: the carriers and handset makers that sell mobile phones. That was all in the interest of fostering growth....That has meant putting security in the hands of those same business partners, even though they don’t bear any of the costs or reputation damage from hacked or compromised devices. You don’t, after all, read headlines saying that “malware spreading on Verizon phones,” or “malicious apps targets AT&T phones.” You hear about attacks on Android. The carrier and handset maker, except in rare cases, don’t warrant mention.Those partners have turned a blind eye to the kind of basic “policing” that needs to be done to keep the mobile ecosystem safe. While Google reliably pushes out operating system updates, handset makers and carriers drag their feet distributing those updates to vulnerable customers – worried, perhaps, about service disruptions or other support issues that might result. The latest data from Google highlights the challenge facing the company, with just over 16% of Android users running Versions 4.1 or 4.2 the latest versions of the OS, dubbed “Jelly Bean” more than six months after its release. In contrast, 44% of Android users are still running the “Gingerbread” release – Versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities. Add to that the proliferation of third party Android application stores, which operate with little or no oversight, and you have a mobile environment with lots of “broken windows.”