News- Google developer reveals what’s wrong with Android
According to Google programmer Kees Cook, the key problem of Android is its low level of security. But it is not related to the unwillingness or inability of developers to eliminate all these gaps and security holes that are hidden in the operating system. The fact is that Android is built on top of the Linux kernel, which is literally riddled with vulnerabilities.
Most of all Android vulnerabilities that cybersecurity researchers find are Linux-related in one way or another, Cook says. But the problem is aggravated because certain changes in the platform, which downstream developers make of shells and firmware based on Android, provoke the manifestation of vulnerabilities that have not manifested themselves before.
Android security issues
In fact, the primary security issue for Android is the lack of security in the Linux kernel, and the secondary is fragmentation. Smartphone manufacturers themselves have a responsibility for the safety of their users because their firmware, although built based on Android, has many differences from the stock operating system.
That is why, by the way, Google does not have the ability to release security updates for all smartphones running Android at once, as many would like. Instead, it is forced to provide the source code to the manufacturers. In turn, they adjust the update to the characteristics of their devices, taking into account the vulnerabilities specific only to them.
This leads to another problem. It lies in the fact that many manufacturers do not release updates for their smartphones for a long time. It is generally accepted that they do not want to waste time on it. By and large, it is. But don’t be too hard on them, Cook says. Up to a hundred vulnerabilities are fixed in the kernel every week. That is, there are already over 400 of them per month. Of course, manufacturers cannot fix all of them, so they choose only the most dangerous gaps and fix them already.
Why Android updates aren’t coming out
It turns out that the easiest way to improve the security of Android is to abandon third-party shells in favor of a stock operating system without changes from smartphone manufacturers. But this is unthinkable. That’s the beauty of Android. Many people do not imagine the possibility of using a clean OS. They like the shells, be it MIUI, EMUI, One UI, and others, especially since, in most cases, they are really more convenient and functional than the “drain.”
This means that you need to act differently. Change the kernel. But this isn’t easy. Even people far from programming and operating system architecture understand that everything will have to be turned around. But Google has prepared. It recently introduced the Fuchsia operating system on its own Zircon core. So, generally speaking, nothing prevents her from taking the external design of Android, rolling it onto Fuchsia, and releasing it under the guise of a regular update.
Another thing is whether users need it? Honestly, I don’t know. On the one hand, the feeling of complete security is, of course, cool. But, on the other hand, exploitation of vulnerabilities is, in principle, quite rare. To hack you using a system flaw, you must be a very high-ranking and interesting person. But people like them hardly use ordinary smartphones in everyday life. So, if you want to know my opinion, then everything suits me and so.