A new report published late yesterday states that a security researcher has discovered a way to take over roughly 70 percent of Android devices via a Web page or app. It's not known if anyone's actually using the exploit to attack people's phones, but the researcher's findings are nonetheless a reminder that Google faces a growing headache because it lacks any way to effectively distribute security updates to the hundreds of millions of devices running its software worldwide. Many of those devices have outdated versions of Android.
The report notes that "Vennix estimates that 70 percent of Android devices are vulnerable to the exploit, based on Google's figures for the proportion of devices running different versions of Android. And crucially, although Google released a new version of Android with a fix for the underlying bug in November 2012, most devices running the software will likely remain vulnerable to the attack for as long as they remain in use because they will not be updated.
Google has convinced many manufacturers to install Android on their products, but few are quick about rolling out new versions of the software. Nor does Google have any mechanism to push updates directly to devices, such as those built into desktop operating systems including Microsoft Windows or Mac OS.
That limits Google's ability to push out new features and security patches to devices running its software. The company's had little success addressing the problem so far. In May 2011, for example, Google announced the Android Upgrade Alliance, under which wireless carriers would roll out Android updates quickly for the first 18 months of a device's life. But the project foundered and is no longer active. Google didn't respond to a request for comment."
In stark contrast, 82% of iDevice are now running iOS 7, according to Apple. Apple's iDevices can be updated to new iOS upgrades and updates directly without any hassles. To learn more about this latest Android exploit, read the MIT Technology Review report here.