The Negative Aspect of Software in Smartphones and Other Devices

There are some negative aspects to using embedded software in hardware.  A few sites have written that about how phones or tablets still on Android versions below 4.4 are at risk for a vulnerability in the default browser. Don’t blame Google for this; blame the OEMs and carriers, as Google fixed the issue. However, there’s much more to this story.

To go into more detail, the problem is that the browser that was a part of the Android Open Source Project was directly coupled to the ROM up until version 4.4. It was at this point that Google shipped Chrome for Android which can be updated from the play store.   You can even run Chrome on one of the affected devices.  Unfortunately this doesn’t fix the risk as the default browser is still used when you tap on links in e-mail and elsewhere. While the bug was in the Android Open Source project code that is managed by Google, Google isn’t responsible for updating all of those rom images.  Google has even fixed the issue even in the old version of the code, but it’s the manufacturer that has to make the update available.  Android 4.4 and Chrome gets around this by allowing Chrome to be updated from the Play Store. Historically the OEMs and the Carriers have not put updating ROMS for these devices as a priority.  They would much rather you purchase a shiny new phone. My hope is that with this bug that OEMs and the carriers raise the priority as this is just the start of the issue.  One day there will be a vulnerability more serious and there will be real data loss and damage. It is not a matter of if but when.

The problem here isn’t just a phone issue either when you look at this.  For example, many routers that you buy for your home today have open source software at its core and THEY TOO can suffer from issues like this. At some point all software vendors will drop support for devices.  That doesn’t make the device go away of course.  Technical users can, of course, always fix their own hardware (if it’s possible) but the normal user won’t have the inclination to fix it.  They will continue to use it until it breaks.  They will, of course, update firmware if they know how and thankfully there are a lot of devices that tell users to do this when you set them up or automatically do it themselves like my Roku or Chromecast. But eventually those updates stop and  even though the device continues to work it become vulnerable. It won’t be long before one of these still working but forgotten by the manufacturer devices will have a critical issue that eventually causes problems for the Internet as a whole. This may sound like I am being paranoid and I am.  The problem is when we become complacent and do not make the companies responsible for their actions; if no one says anything nothing is going to be done about it. That’s the whole reason I am writing this piece.

That’s not really an open source or closed source issue either.  ANY time a device incorporates computer code means it will have to be updated.  ESPECIALLY if it is capable of being on the Internet. Manufacturers need to realize that people don’t just throw things out if they continue to be useful.

Maybe it’s time companies that use computer code in their products are held to a published standard that let’s consumers know how long they can use something before it becomes a risk to their data. Otherwise how will you know??  I have a good idea myself but my mom and dad don’t really know. They are lucky enough to have a son who knows.  What do other people do?   That’s why I am paranoid and think it’s high time that something is done about it.  What do you think?  Is this the tip of a very large iceberg or am I making a mountain out of a software molehill?