The best way to protect a device against malware is ensuring that it has an up-to-date OS.
When Windows RT came out, I purchased an ASUS Vivo Tab RT as it was released in Australia before the first generation Surface RT was. I later acquired a Surface RT and in the last week acquired my third Windows RT device, the Nokia 2520. Unsurprisingly all of these devices are running the same updated version of Windows 8.1 RT.
I have several Windows Phones. I apply OS updates as they become available. My Lumia 920 (purchased 18 months ago) is running Windows Phone OS 8.0.105, as is my brand new Lumia 1520. The iOS devices I purchased over the last few years are similarly all running Apple’s latest OS.
And then I get to my Android devices. I have two of them. An ASUS Transformer Pad Infinity (TF700T) and a second generation Nexus 7. I got the ASUS Transformer Infinity in mid 2012 and the Nexus 7 about Mid 2013.
- The Nexus 7 is running Android 4.4.2 (KitKat)
- The Infinity is running Android 4.2.1 (Middle version of Jelly Bean, pre Jelly bean 4.3 released in July 2013)
The Infinity isn’t a bargain basement Android tablet and ASUS is a reputable manufacturer. My TF700T is the version that has the 1920x1080 display, so isn’t the first version of the ASUS Transformer. The version I have was only superseded in the last six months by a new model with an even higher resolution display.
But the version of Android it is running is 2 major and a couple of minor versions behind. The Windows RT contemporary – no longer made because ASUS determined that the market wasn’t there for non-Microsoft Windows RT devices – is up to date. The premium ASUS Android tablet from 18 months ago is not.
It’s entirely possible to update the Infinity manually to a more recent version of Android if you manually update using Cyanogen Mod. Needless to say this isn’t supported by the manufacturer.
Recent data indicates that only 2.5% of Android devices are running the most recent 4.4 version. In contrast, 74% of iOS users are using the most recent version of the mobile operating system.
The issue I’m trying to get at is that as more people start using Android devices to perform work related tasks, it becomes increasingly critical that those devices are able to be secured. Google, like Microsoft and Apple, is constantly working on securing its mobile operating system. Unless those updates are pushed down to existing devices in a timely manner, they won’t be as secure as they might possibly be. There are stats around that suggest that the number of mobile phones and tablets in use either has or will soon outnumber desktop computers. Microsoft and Apple can push out updates quickly that reach the majority of their users when a serious security issue is discovered. Google can similarly create an update, but is at the mercy of vendors in terms of it ever reaching end user devices.
At some point this model has to change and updates to Android need to go out to the majority of compatible devices within short window after release, just as updates go out to computers running Windows or mobile devices running iOS. When hardware vendors are left to deploy updates, they lose interest soon after the next model becomes available. As people continue to use new devices for a couple of years after purchase, it’s reasonable to expect that the devices will have the most recent software updates automatically applied within that time frame.