Monthly Android updates are ‘unrealistic’, says HTC -TEISS® : Cracking Cyber Security

Features / Monthly Android updates are ‘unrealistic’, says HTC

Monthly Android updates are ‘unrealistic’, says HTC

HTC will not join Samsung, Google and LG in giving its users monthly security updates, says the firm’s America president.

HTC

President of HTC America Jason Mackenzie said over Twitter that it is ‘unrealistic’ to promise HTC users the monthly security update offered by other firms using Android technology.

“We will push for them, but unrealistic for anyone to say guaranteed every month,” he tweeted in response to one user who queried why HTC was not following the precedent set by other Android mobile companies.

Mackenzie defended his statement, saying that Android hardware partners can integrate security fixes provided by Google into their own software, but still rely on carriers to push the updates through for carrier-branded phones.

He said that a lack of space in carrier labs also meant that users may not receive updates, thereby shifting the responsibility for mobile security away from HTC and towards mobile carriers.

A lack of security updates could leave hundreds of thousands of Android users at risk of potential device compromise by the likes of bugs such as Stagefright.

Filip Chytry, a security researcher at Avast, said that while mobile users should treat mobile security in much the same way that they treat PC security, that “device-specific elements from the manufacturer or the carrier” undoubtedly affected the ultimate security of any device.

“When an update is necessary, it should, in my opinion, come from the party whose element of the operating system needs updating,” he told Business Reporter.

However, mobile security firm Lookout’s vice president of product Aaron Cockerill said that the issue is more complex than simply assigning responsibility for maintaining mobile security to a single party.

“Part of the challenge of rolling out security patches in the Android ecosystem is that that ecosystem is very disjointed,” Cockerill said.

“Something like 1,200 different hardware makers use that platform and then you’ve got the multiplication of the carriers, so it does produce a fair amount of work.

“Taken at face value, it does look to be a daunting task, but I think that it’s one that needs more evaluation from everyone in the ecosystem.

“A lot of the responsibility fall back to the actual users to actually be up-to-date, I think that that’s as much of a challenge as it is rolling the patches out.”

Speculations regarding HTC’s financial capacity to enforce updates emerged after yesterday’s announcement of the firm’s unaudited Q3 2015 results, which included losses of $137 million US on revenues of $657 million.


Photo © Magnus Jonassan (CC BY 2.0). Cropped.


Click here to catch up on our coverage of the R3 summit.

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!