Android's inevitable security armageddon

ArsTechnica article about the troubles with Android updates and providing security, or as they call it, “Android’s inevitable security armageddon”.

We’re on day who-the-heck-knows of the Android Stagefright security vulnerability,
and there’s really no point keeping track of the days because no one’s
going to fix it. The Android ecosystem can’t deal with security, and it
won’t change until it’s too late.


Android still uses a software update chain-of-command designed back
when the Android ecosystem had zero devices to update, and it just
doesn’t work. There are just too many cooks in the kitchen: Google
releases Android to OEMs, OEMs can change things and release code to
carriers, carriers can change things and release code to consumers. It’s been broken for years.

The Android ecosystem’s reaction to the “Stagefright” vulnerability
is an example of how terrible things are. An estimated 95 percent of
Android devices have a have a remote arbitrary code execution just by
receiving malicious video MMS. Android has other protections in place to
stop this vulnerability from running amok on your smartphone, but it’s
still really scary. As you might expect, Google, Samsung, and LG have all pledged to “Take Security Seriously” and issue a fix as soon as possible.

Their “fix” is going to be to patch 2.6 percent of all active Android
devices. Tops. That’s the percentage of Android devices that are
running Android 5.1 today, nearly five months after the OS was released


Thanks, @Jerry. While this adds to my “oh my glob I am stuck on 4.2.2” frustration, it is quite an education. (Well, the whole Fairphone experiences is.)

Sadly, there is no alternative in sight. With iOS, security might be perceived to be better, but privacy is even more of a nightmare than in Android. Ubuntu, Firefox OS and Sailfish are niche markets, and will stay in that corner, moping. And don’t get me started about that Windows 10 stuff. I don’t even know where to start.

Sorry, kneejerking, but these computers in our are NOT ours. And WE are the friggin product.

I can’t really take it any more. But I’ve grown accustomed to my FP. I like it to have a pocket computer with camera and GPS with me, and I love some services. So, I am seriously fckd, and pissed off to a great extent.

NB, this has nothing to do with FP, as a company. You people are awesome. But the system is flawed, and I now think it’s so on purpose. See Jerry’s post.


Have you seen this today:

Not much use for fairphone in the short run, but it does look like google are taking security updates more seriously

1 Like

Well, the fact we are getting a Stagefright fix alleviates my disappointment about being stuck on Android 4.2 somewhat. It shows that unlike the big players, Fairphone is commited to supporting their hardware, even if their hands are tied regarding the choice of OS.


It’s disappointing to see a BBC article so full of journalism clichés and plain errors.

I’m not sure what to take from this article. It mentions a promise of monthly updates by LG and Samsung, which could be a huge thing, depending on the actual details. But none are given and the article glances over it as if it’s some minute uninteresting little fact.


Yip, FP does care, even if some people (also on the forum) don’t get it. And they learned from the MediaTek desaster. But they are a small company, and there’s not much they can really do to help us.

I recently was asked by a friend if I would sell her my FP, because she knows I am tempted by the FP2 (too expensive for me, but still…). But she’s a friend, and thus I don’t really like to do this. Seriously, I would sell her something* I would not buy for myself right now - even second hand.
This is a bit frustrating.

* Besides, she’s going to need the phone as of Sept. 9th, and I would not receive my FP2 before Nov., earliest, if I would sell to her. And I will need to use a smartphone every day in between, for several reasons, just two of them: looking for a flat and a new job.** If anyone has a solution besides “buy another smartphone for the time in between and sell it later”: I am listening.

** (Fuck this shit, I quit! Sadly, I’m moving even further away from Amsterdam, otherwise FP would get my CV. :wink: )


Here’s another one: University of Cambridge study finds 87% of Android devices are insecure

I don’t like Apple at all, but actually I’m a bit worried to ditch my old iPhone 4S (which still receives the latest OS updates after 4 years) and enter Android security hell…