Android phones are the most popular in the market right now, with millions and millions of handsets penetrating developed and developing markets. Sales from the giant Samsung have outdone those of rival Apple every year, pointing to the popularity of the cheap and easily available handsets. However, Android phones tend to do poorly as far as their security is concerned, and that reputation has stuck for quite a long time now.
The Broadcom bug recently exposed the millions and millions of Android smartphones that use a Broadcom Wi-Fi chip to hacking in a number of different ways. The total number of phones affected was put at an incredible 1 billion. Unsurprisingly, iPhones, Pixel phones, Blackberry phones that run on Android and practically any Nexus that is still supported escaped the bug, because these phones were patched before the bug was disclosed to the public. The worry, however, is that Pixel and Blackberry phones account for only a fraction of the handsets sold by other Android partners. The patch that would have prevented the bug was with the Android partners for as long as it was with Google, Apple and Blackberry, and yet nothing was done. Even the Samsung Galaxy S8 is vulnerable to the bug without the patch.
While malware attacks are incredibly unlikely to hit you, there is no oversight by the government, so there is almost no way to stop them. That is bad news if you think your phone will not be hacked: malware, along with tricks and tips for remotely hacking a phone, keeps coming along all the time, which means that your phone might very well be hacked one day.
When the HTC Dream/T-Mobile G1 was released, a security bug was discovered that let users take control of the phone using outside software. Even the early iPhones used the same admin credential for remote logins, proving that software has bugs and that this happens to everyone. However, even though the early security bugs were fixed and updates were put out for phones, the process has stalled for the Android partners.
The Android software is sold under an open-source license that gives Google absolutely no control over how the software is used, except for the requirements for access to Google Play and other related applications. This may be a bit puzzling, but what it effectively means is that Google cannot force any of the Android partner companies to do anything more than meet the bare minimum requirements that make them compatible with the APIs Play Store developers use to write their secure apps.
Even the bare minimum is under attack in European courts. What this arrangement basically does is put another company in control of the entire Android software. Not all companies can handle the kind of responsibility that has fallen on them in terms of the security of their phones, and not even a resourceful company like Samsung has done enough to protect its users from the Broadcom bug.
Smaller Android companies are expected to fare worse in this department. Maintaining the security of your software means patching every bug as soon as it comes to light, and that is a hard job to do well. Google's name is on the Android box and the phone, and it is not fair that Google gets blamed for bugs that the Android companies could not fix. Google has shown that it can work hard to fix bugs and issue timely updates and security bulletins. However, because of the autonomy granted by the open-license agreement, none of this hard work is passed on through the middleman, meaning that the security of Android phones that are not Nexus, Pixel or Blackberry is going to stay suspect.