Google’s greed is to blame for Android’s major security mess

You can’t make a good omelet without breaking a few eggs. Similarly, you can’t take over the smartphone business without compromises, even if that means a few users might be affected by security problems along the way. Google, driven by its desire to dominate the mobile world, bought and developed Android and made its basic code free for any device manufacturers to use. It’s obviously been a big success but it’s also had to compromise on many things to ultimately win a huge chunk of the mobile business.

For a while, each Android security flaw was instantly dismissed by the most hardcore fans as nonexistent or only a problem for uneducated Android users who downloaded apps from untrusted third-party stores. Even Google last year tried to minimize the malware issues by saying that only a small fraction of its more than 1 billion users were affected by malware.

Since then, however, more significant security issues have been discovered that affect the majority of Android devices and Google has shown that it’s not ready to fix them.

Google and its partners recently committed to regular security updates and audits. In fact, just recently Google confirmed that Samsung’s custom overlay for the Galaxy S6 edge has some serious security issues in it and it discovered no less than 11 major security flaws in just a week.

Is it Samsung’s fault? Yes and no. Sure, Samsung could be more diligent when it comes to checking for bugs and finding significant vulnerabilities that could affect the safety of the user.

But ultimately, Samsung’s practice is only a result of having to adapt to Android and comply with Google’s and the carrier’s request. And if a company like Samsung can’t prevent severe security threats, then what can we expect for smaller mobile device makers?

To “infect” the world with Android, Google had to make sure it’s free for any company willing to build hardware. Android’s open-source nature meant that any company could customize it to fit their needs. OEMs quickly realized they just had to build custom features on top of the default Google apps that come with Android. Users loved the freedom Google gave them compared to Apple’s walled iOS garden and carriers liked the fact they could actually have a say in installing their own software onto devices.

And so, Android became more and more popular over the years, with hundreds of different smartphone models now being used around the globe.

The problem with Google’s need to win the search war by entering the mobile business with an open-to-all Android is that there’s no way to completely ensure and control security. Even if it wanted to, Google can’t fix Android bugs on all those 1.4 billion of devices because it has no say whatsoever when it comes to update releases. Google can only issue timely updates to Nexus handsets and tablets whenever significant issues are discovered. But code belonging to OEMs might take longer to fix — and that’s even if carriers don’t hinder the entire update process.

So while it’s admirable for Google to improve security on the stock version of Android, to promise swift security patches, and to even audit and expose security issues belonging to OEMs’ flagship devices, it’s ultimately a problem caused by its own need to become – and then remain – the major player in the mobile search business.