Waiting for Android’s inevitable security Armageddon →

August 06, 2015 |

Ars Technica’s Ron Amadeo, writing on the future implications of Android’s recently uncovered Stagefright security vulnerability:

In a perfect world, the idea of literally billions of easily-pwnable Android handsets would be enough to get Google, the OEMs, and the carriers to all sit down, set aside their branding guidelines and marketing department-enforced differences, and say, “We need to fix this.” But we don’t live in a perfect world. In the real world, carriers and OEMs want to keep their branding and customization hooks in Android so that they can advertise to customers with their own apps and interfaces. Neither appears to want to take responsibility for the unprofitable post-sale support of the millions of devices they create and sell.

At some point, a huge Blaster worm-style Android security armageddon seems inevitable—and that’s what it’s going to take to bring real, meaningful change. Stagefright is a big deal, and the Android ecosystem’s reaction to it is literally 2.6/100ths of what it needs to be.