UPDATED 14:48 EDT / JULY 06 2011

Complexity of Updating Android Exacerbates Security Problems

I bought a new HTC Nexus One last week, which unfortunately came with a custom ROM (Android Kernel Version: 2.16.405.1 CL223106 release-keys).  Unfortunately, this particular firmware prohibits any “Over The Air” (OTA) updates or even manual updates and it was a nightmare trying to track down the solution to the problem.  Luckily my online search led me to this page explaining the upgrade process which calls for a very complicated 6-stage manual process to upgrade to Android version 2.3.4.

To summarize, I had to follow the following upgrade process, and each stage took about 5-30 minutes (depending on download time):

  • Downgrade to 2.2 build FRG33 using passimg.zip method
  • Upgrade to 2.2.1 build FRG83
  • Upgrade to 2.2.1 build FRG83D
  • Upgrade to 2.2.2 build FRG83G
  • Upgrade to 2.3.3 build GRI40
  • Upgrade to 2.3.4 (Google announcement here)

With an upgrade procedure this onerous, it is no wonder that so few devices are running newer versions of the Android Operating System.  The result is an immense level of Android fragmentation, leaving 99% of the devices vulnerable to a serious security flaw in the ClientLogin API.  ClientLogin was apparently designed without any encryption, so that user credentials are transmitted in the clear, making them easy for criminals to intercept.

 

[Cross-posted at High Tech Forum]


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU