We are only able to produce these scores due to the contributions made to Device Analyzer by members of the public. If you have an Android device you can install the Device Analyzer app and provide researchers with additional data on which devices are secure. Device Analyzer follows best practices in privacy preservation.
So, the graphs aren’t entirely accurate?
For something as fragmented as Android, no graphs will every be accurate.
Edit: Unless Google suddenly decides to bundle something that gathers data with every app they… oh, wait, they already do that, don’t they.
Unrelated to the actual study, but I enjoyed seeing the all different ways the same findings were headlined by various news outlets right next to one another.
I really want to see devices running vulnerable versions (or outdated versions) by carrier. Because what a lot of people sometimes fail to realize is that any phone that has carrier bloatware is running an os whose updates are reliant on that carrier.
Wait, carriers have specific updates beyond the GSM or CDMA access methods?
Sorry for the slow response, but yeah, if you don’t have an unlocked phone then the carrier provides specific updates to their version of the OS. Different carriers disable/enable different features of the OS and they do it in different ways. Sprint for instance I think changes how the tethering works on android so that it’s apps can control it. That’s why Google has been closing source more and more around Google Play services so they can update key components in the android system without carrier delay.
Is it the same for iOS?
It’s not. Apple’s contracts with the carriers were explicit from the outset that Apple directly controls upgrades. Carriers were not pleased by this idea.
I get the feeling that this is a smarter move because then Apple will have control over the upgrades and can do upgrades properly on its own devices versus the carriers making changes that might not be optimal. Unless the “upgrades” are strictly just a bunch of feature toggles.
Of course it’s smarter - this is exactly the situation it was meant to prevent, and has prevented. Carriers and handset manufacturers lose revenue and potential brand loyalty from not being allowed to tweak the OS; that’s why they resist it.
No, but that’s because iOS has always been a locked down OS and they’ve negotiated from a position of power. It also helped that the first carrier they signed with was (at the time) the most draconian when it comes to locking down phones. Hell, AT&T’s first android phones had .apk side loading disabled (like even if you went to the dev menu it wouldn’t work).
Google thought that they could hand off some of the implementation nitty-gritty to the carriers/manufacturers and garner support by being open source, but what they saw was people not complaining about the lack of updates from their carrier but about Google not updating (when they had). Google has been making Android more and more closed source (I don’t think any of the ‘stock’ google apps on android 5.1 are open source anymore) in part because they’ve seen how much easier Apple handles OS based issues.
As a disclaimer, part of this ‘Google Play Services’ move is to abandon most updates for pre-KitKat android versions, which makes a ton of sense, but doesn’t feel good as a consumer.
Welcome to the fucked-up Android update model, that can’t be changed at the fury of OEM tweaks and carrier inspections. Their solution is to move as much of the “core” Google ecosystem from AOSP into proprietary versions on the Play Store.
I wish it mentioned Cyanogenmod anywhere at all.