GOOG Alphabet Inc

By Jack Nicas 

Google says recent updates to its Android smartphone software resolve vulnerabilities highlighted in the WikiLeaks documents purporting to show how the Central Intelligence Agency hacks electronic devices. But likely only a fraction of Android users have actually received those updates because of Google's complicated agreements with phone makers.

The CIA appears to have been exploiting vulnerabilities in Android smartphones and other devices for years, according to the WikiLeaks documents, though it is unclear which versions of Android could be affected. Google said late Wednesday that after a review of the WikiLeaks documents, it was confident Android security updates "shield users from many of the alleged vulnerabilities."

But Google data shows only 2.8% of Android devices run the latest software, released in August, which has the most up-to-date patches. Millions of Android phones run years-old software, sometimes with widely known security gaps. Indeed, nearly two-thirds of Android devices use software released in early 2015 or earlier. The WikiLeaks documents were taken from the CIA from 2013 to 2016.

Google, a unit of Alphabet Inc., on Thursday declined to say which versions of Android could be affected by the CIA hacks.

By comparison, 79% of Apple Inc.'s iPhones use the latest version of its iOS smartphone software, called 10.0, which was released one month after Android's latest version, Nougat.

Apple controls both the hardware and software behind iPhones, enabling it to unilaterally push software updates to users and pester them to download them.

Google has gained massive scale with its Android software, bypassing Apple in market share, by making it open and free for phone makers to use to underpin their devices. The flip side, though, is that Google is dependent on device makers and wireless carriers to ensure software updates reach users.

The slow spread of Google's latest software highlights its struggle to control the vast ecosystem behind Android, which now backs about 88% of the world's smartphones. Google said in 2015 that 1.4 billion people world-wide use Android devices, of which there are more than 4,000 kinds made by more than 400 manufacturers.

Phone makers generally tweak Android to fit their devices, often creating a different version for each wireless carrier, so delivering software updates requires the phone makers to tweak each Android update for old handsets. But there is little incentive for phone makers to spend money updating software for old phones, when they're in the business of selling new ones.

In response, Google is trying to exert more control over some users' Android experience by adopting Apple's approach: control both the phone's hardware and software. In October, Google unveiled its new flagship Pixel smartphones, starting at $649. Those phones, along with its older Nexus line of devices, likely make up most of the devices running Android Nougat because Google can deliver the software update directly to users.

The CIA hacking also targeted laptops, according to the WikiLeaks documents. Google's Chromebook is one of the best selling laptops in the U.S., but its Chrome operating system doesn't have the same security challenges as Android because Google has more control over the software.

Write to Jack Nicas at jack.nicas@wsj.com

(END) Dow Jones Newswires

March 09, 2017 18:43 ET (23:43 GMT)

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2024 to Apr 2024

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2023 to Apr 2024