UPDATED 14:48 EDT / JULY 06 2011

Complexity of Updating Android Exacerbates Security Problems

I bought a new HTC Nexus One last week, which unfortunately came with a custom ROM (Android Kernel Version: 2.16.405.1 CL223106 release-keys). Unfortunately, this particular firmware prohibits any “Over The Air” (OTA) updates or even manual updates, and it was a nightmare trying to track down the solution to the problem. Luckily, my online search led me to this page explaining the upgrade process, which calls for a very complicated 6-stage manual process to upgrade to Android version 2.3.4.

To summarize, I had to follow the following upgrade process, and each stage took about 5-30 minutes (depending on download time):

  • Downgrade to 2.2 build FRG33 using passimg.zip method
  • Upgrade to 2.2.1 build FRG83
  • Upgrade to 2.2.1 build FRG83D
  • Upgrade to 2.2.2 build FRG83G
  • Upgrade to 2.3.3 build GRI40
  • Upgrade to 2.3.4 (Google announcement here)

With an upgrade procedure this onerous, it is no wonder that so few devices are running newer versions of the Android Operating System.  The result is an immense level of Android fragmentation, leaving 99% of the devices vulnerable to a serious security flaw in the ClientLogin API.  ClientLogin was apparently designed without any encryption, so that user credentials are transmitted in the clear, making them easy for criminals to intercept.

[Cross-posted at High Tech Forum]

