A little bird was heard saying that Google is finally taking a stance to try and reduce the amount of fragmentation its platform has suffered.
We had a couple people at CTIA last week — people whose words carry weight — tell us off the record that the next major version of Android would take big strides toward stopping the ugly trend toward severe fragmentation that has plagued the platform for much of this and last year. You know, the kind of fragmentation that has already left users running not one, not two, not three, but four distinct versions of the little green guy (1.5, 1.6, 2.0, and 2.1) depending on a seemingly arbitrary formula of hardware, carrier, region, software customization, and manufacturers’ ability to push updates in a timely fashion. Put simply, Google’s been iterating the core far faster than most of its partners have been able to keep up. – Engadget
Why should this matter? Well for one, having your user base spread out across multiple different versions of your OS or application can make patching updates a very serious issue. Using Google’s Android as the main example here – if you have a vulnerability found in, say, version 1.6 of your product, and you patch it in version 2.0 (Don’t ask. I don’t know where v1.7-v1.9 are either.), then having users update would be a natural progression, right? Well what if those users can’t upgrade due to one reason or another (carrier limitations). Well then you have the problem Android has been facing since launch.
Even the latest forms of Android vulnerabilities are only currently fully patched if you have v2.2 or better. So where does that leave all the people with v1.5-v2.1. Well they’re forced to find some other means of upgrading if their device or carrier won’t allow them to update. But let’s face it, not everyone has the means to root their device, dig through the numerous posts on xda-developers, and find a working rom of an updated version of Android. This entire process also shoots itself in the foot for most people in the corporate world where rooting your phone automatically takes it out of compliance with most security policies. Keeping your OS, Software, or Services patched and updated is one of the most effective ways to fight against vulnerabilities (those that are out of your control that is).
The fact that Google has, if anything, at least hinted at the fact that they’re going to take measures to help improve the process and outline of how the platform will be distributed and updated at least shows that they’ve recognized the problem, and might even go back and try and fix those in need now. But at least something can be done for future platforms to ensure everyone stays up-to-date (read: secure).