Shortly after Google announced plans to issue monthly security updates for Nexus Phones, tablets, and other devices, two of the top makers of Android devices announced they’ll also be rolling out updates on a regular basis.
These announcements come on the heels of the revelation that the Stagefright media engine for millions of Android devices has a security flaw that could allow someone to access your device simply by sending a text message.
While Google is already rolling out a security fix for Nexus devices, the maker of the Android operating system has limited control over the software running on the vast majority of smartphones around the world. That’s because Google basically provides the operating system to device makers who can then modify it according to their own need or those of wireless carriers. When users of those devices receive operating system updates, they’re typically delivered by the phone maker or wireless company… if they’re delivered at all.
Google has been taking back a bit of control in recent years by pushing many updates through Google Play Services and by decoupling some core parts of the operating system. Recent Android phone ship with Gmail, Maps, Chrome web browser, and other apps that are updated through the Google Play Store. That means you don’t need to wait for your phone carrier to approve an update.
But Android isn’t designed to let Google deliver key security updates affecting the core operating system the way that other operating systems are.
Apple can push iOS updates to all of its users because the company controls both the hardware and the software for its devices. Microsoft can deliver some OS updates directly to PC users through the Windows Update process because, although Windows is designed to run across a wide range of devices, there are limits to what PC makers can do to customize the OS before shipping their products to consumers. But the Android model is different, and while it’s great to see some of the biggest players in the space promising to release regular updates, odds are that they’ll only be available for recent model phones and tablets.
So if you’ve got a device that’s more than a few years old, this might be a good time to start looking for custom ROMs.
For now, if you want to know whether your devices is affected by the Stagefright vulnerability, you might want to run Zimperium’s free Stagefright Detector app or the one from Lookout Mobile Security. And if there’s no official fix for your device yet, you might want to try installing a third-party SMS client like Textra or Chomp that attempts to offer some protection for now.