CIA Leak Reveals Gaps in Patchwork of Android Software
March 09 2017 - 6:58PM
Dow Jones News
By Jack Nicas
Google says recent updates to its Android smartphone software
resolve vulnerabilities highlighted in the WikiLeaks documents
purporting to show how the Central Intelligence Agency hacks
electronic devices. But likely only a fraction of Android users
have actually received those updates because of Google's
complicated agreements with phone makers.
The CIA appears to have been exploiting vulnerabilities in
Android smartphones and other devices for years, according to the
WikiLeaks documents, though it is unclear which versions of Android
could be affected. Google said late Wednesday that after a review
of the WikiLeaks documents, it was confident Android security
updates "shield users from many of the alleged
vulnerabilities."
But Google data shows only 2.8% of Android devices run the
latest software, released in August, which has the most up-to-date
patches. Millions of Android phones run years-old software,
sometimes with widely known security gaps. Indeed, nearly
two-thirds of Android devices use software released in early 2015
or earlier. The WikiLeaks documents were taken from the CIA from
2013 to 2016.
Google, a unit of Alphabet Inc., on Thursday declined to say
which versions of Android could be affected by the CIA hacks.
By comparison, 79% of Apple Inc.'s iPhones use the latest
version of its iOS smartphone software, called 10.0, which was
released one month after Android's latest version, Nougat.
Apple controls both the hardware and software behind iPhones,
enabling it to unilaterally push software updates to users and
pester them to download them.
Google has gained massive scale with its Android software,
bypassing Apple in market share, by making it open and free for
phone makers to use to underpin their devices. The flip side,
though, is that Google is dependent on device makers and wireless
carriers to ensure software updates reach users.
The slow spread of Google's latest software highlights its
struggle to control the vast ecosystem behind Android, which now
backs about 88% of the world's smartphones. Google said in 2015
that 1.4 billion people world-wide use Android devices, of which
there are more than 4,000 kinds made by more than 400
manufacturers.
Phone makers generally tweak Android to fit their devices, often
creating a different version for each wireless carrier, so
delivering software updates requires the phone makers to tweak each
Android update for old handsets. But there is little incentive for
phone makers to spend money updating software for old phones, when
they're in the business of selling new ones.
In response, Google is trying to exert more control over some
users' Android experience by adopting Apple's approach: control
both the phone's hardware and software. In October, Google unveiled
its new flagship Pixel smartphones, starting at $649. Those phones,
along with its older Nexus line of devices, likely make up most of
the devices running Android Nougat because Google can deliver the
software update directly to users.
The CIA hacking also targeted laptops, according to the
WikiLeaks documents. Google's Chromebook is one of the best selling
laptops in the U.S., but its Chrome operating system doesn't have
the same security challenges as Android because Google has more
control over the software.
Write to Jack Nicas at jack.nicas@wsj.com
(END) Dow Jones Newswires
March 09, 2017 18:43 ET (23:43 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2024 to Apr 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2023 to Apr 2024