The fight between the good and evil in phone industry is the one between the hackers and software researchers. Hackers want to access data and apps on a victim’s phone and software engineers are enhancing security to patch up vulnerability. In July, a vulnerability that affected up to a billion Android phones was disclosed by software researchers. Google rushed up with a patch, but security company Exodus Intelligence said it had been able to bypass the fix.
Android users are protected by a security feature called address space layout randomisation (ASLR) which is installed in over 90% of Android devices. It would rather crash a smartphone than compromising it.
In April, another security company, Zimperium, found a bug in Android that could let hackers access data and apps on a victim’s phone, just by sending a video message. Though none exploited the vulnerability, software engineers pointed out they could bypass that security which only gives a false sense of security to users.
Android is an open source operating system and phone-makers can modify it to use on their handsets. Only 2.6% of Android phones are running the latest version of the operating system. The manufactures like Apple and BlackBerry who control both the hardware and software alone can patch up flaws.
“If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers,” quipped an engineer, “ then what hope do the rest of us have?”
