Saturday, February 05, 2011

Android is probably the most popular linux distro at the moment. The amount of users buying and the companies implementing it are huge, all in a little more then 2 years. In a certain way this shows linux was ready for the masses all along, but as always it took a big company (google in case you didn't know) to get it anywhere.
The one issue that everybody keeps picking on, is the so called fragmentation, i don't think it is really an issue though. The root of this, is the hesitance of manufacturers to release updates to their devices. They might release some for a while, ironing out bugs, but hardly you get an upgrade for your device for major versions, for example going from 1.6 to 2.0. Most of the time the vendors will claim the devices are simply not able to run it, but hackers have proven them wrong each time, for example; my 2 year old Samsung galaxy runs 2.2 just fine. Ofcourse this is all sales driven, new phones need to be sold and an OS upgrade might be a good excuse.
Still fine by me, i will just keep on upgrading my phone the unofficial way until it falls apart or the battery is worn out.The issue i have with all this is in the security part of all this. Linux is a great kernel, but it does have its security issues, if you're subscribed to the weekly SANS newsletter you'll notice there is almost a different security issue each week. Agreed, not all of those are critical or are applicable to Android, but some are. Nobody provides Android security updates, perhaps if it is critical enough, there might be an update for the latest generation of devices but all older phones are left in the dark and stay vulnerable. Since these phones are basicly small computers (you get linux and a shell with more tools on then when i started with linux more then 15 years ago), we could end up with an army of unsupported insecure Android zombie machines, we've been there before, with windows and i don't want it to happen again.
I started by saying that Android is the most popular linux distro ever, and the solution to the above problem is that they should treat Android more like an actual distro, and enable some kind of repositories-like update mechanism for the core of the OS. That way all fixes will be available to everybody and you should not have to surrender you security to the wil of the hw-builders.

Post a Comment