LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Under Pressure, Google Promises To Update Android Security Regularly

Both Google and Samsung are rolling out new processes to issue security updates for Android devices, like the Samsung Galaxy S6 and S6 Edge.

This post was updated at 4:14 p.m. ET.

Google is making big promises to fix its Android operating system. The company recently came under sharp criticism after researchers found a major flaw in Android would let hackers take over smartphones, with just a text message.

Now, Google tells NPR and writes in a blog post, it'll work with other phone makers to fix that bug. And, going one step further, Google is rolling out a brand new system to protect smartphones regularly — not just once in a while.

Adrian Ludwig, lead engineer for Android security, spoke Wednesday at Black Hat, a cybersecurity conference in Las Vegas. He covered a few topics, starting with the bug called Stagefright.

Last week researchers with Zimperium, a mobile security firm, said they'd discovered major flaws in the heart of the Android operating system (in a library called "libstagefright"). This bug would allow hackers to take over nearly 1 billion phones, just by sending an infected text message. To fix the problem, Zimperium says, smartphones need firmware updates that reconfigure the entire operating system. It's the software version of open heart surgery.

While Google agrees this bug is serious, the company disputes how widespread it is. Ludwig says that currently, 90 percent of Android devices have a technology called ASLR enabled, which protects users from the issue.

Clearly there's a difference of opinion. Still, Google is agreeing that it needs to take decisive action. The company makes Nexus smartphones. Ludwig announced that Nexus owners will get patches starting this week.

He also spoke on behalf of other Android manufacturers. He's promising that this month, the most popular Android devices are getting the fix. The list includes:

-- Samsung: Galaxy S6, Galaxy S6 Edge, Galaxy S5, Note 4, Note Edge;

-- HTC: One M7, One M8, One M9;

-- LG Electronics: G2, G3, G4; and

-- Sony: Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact.

Also Wednesday, Samsung described a new Android update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered. These security updates will take place regularly about once per month."

A New Industry Standard?

Ludwig made another announcement: Nexus devices will receive monthly updates that are "purely focused" on security to keep users safe. (The company states in its blog post that the devices "will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.")

"People have been looking for clear communication about Android from a security standpoint," Ludwig said. "It now exists. This is really a watershed moment for us as an industry."

For three years, Google has given Android manufacturers regular updates about flaws that need to be fixed. But whether they act on that information is not in Google's hands.

Nexus is. Granted, the brand is a much smaller share of the market than Samsung, but if Google keeps its promise and executes well, the company could be creating a new industry standard for smartphones — at least on the Android side. Apple, which controls both the hardware and software of its devices, regularly rolls out updates to its iOS that are quickly adopted by users.

Bryan Glancey, a security researcher with Optio Labs, used to work for Samsung. He says a coordinated system for Android security is long overdue.

"If you fix a problem on Apple, it goes to all Apple devices and you've done it one time. But if you want to fix a problem on Android, you've got to fix every variant," he said.

And to do that, Google must coordinate with many manufacturers. Glancey says by doing so, the company hopes to decrease the public perception that Android phones are less safe than iPhones.

It'll be interesting to see if other Android manufacturers and phone carriers, which are often a bottleneck to updates, follow Google's lead.

Copyright 2015 NPR. To see more, visit

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute
96.1 FM K241AR Lawrence (KPR2)

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)