Curious Rat



Google Juicing the Numbers

Google is changing the way it tallies its usage numbers for Android (ᔥ The Verge):

As outlined on the Android Developers site, Google now uses the data collected when users visit the Google Play Store; under the previous system, any check-in to the store by the device would have been incorporated into the results, user-generated or not. The new system went into effect starting with this month’s results.

The change essentially skews the results towards those users who are actively visiting the Play Store.

Or, as Marco Arment puts it:

A more accurate title would be: “Google changes how it measures Android version adoption to show an uptick in Jelly Bean devices”.

The problem, however, is the stats aren’t as good as they should be. According to Android Police (emphasis mine):

This month, we’re seeing a familiar pattern – Gingerbread is continuing its slow descent, hitting 39.8%, down from 44.2% this time last month. Meanwhile the latest and greatest – Jelly Bean – accounts for exactly 25% of the overall distribution, meaning it’s finally hit one quarter of all tallied devices. That, for those interested, marks a nearly 9% jump from last month’s 16.5% figure.

Jelly Bean is still being beaten by Gingerbread, an OS that’s now three years old. And what about the two year-old Ice Cream Sandwich?

Ice Cream Sandwich is still strangely climbing, hitting 29.3% up from 28.6% in February.

So, the top two versions of Android running on nearly 70% of handsets are 2+ years old. On the Apple side, iOS 6 has garnered roughly 60% market share across Apple’s mobile device line. That statistic was from January of this year, but I can’t seem to find any upgrade data on the latest iOS 6 patch released a few weeks ago. As soon as I do, updates shall be made.

Regardless, if it were just about features and bug fixes, the problem wouldn’t be too worrisome, but there’s more than just the latest moving wallpaper to fret over:

One of the thousand tiny changes made in Android 4.2.2 is a patch that now denies apps with access to the Internet the ability to change the proxy settings on the device. This change didn’t affect many apps, aside from the fairly popular Ad Block Plus, but the potential is there for phishing abuse to occur from any app that had access to the Internet. Google didn’t just release a fix for Android 4.2.2, either. As a result of the potential severity of this vulnerability, the company has pushed the patch to their hardware partners to apply to Android 4.1.2 based phones and tablets. It’s important for the update to reach as many Android 4.1 and higher devices as possible, in order to protect them from any attempts to exploit this now public vulnerability.

Device manufacturers like Samsung, HTC, and Amazon don’t just skin Android - they obliterate it and remake it in their own images. But the underlying software is still there under all the custom icons and animations, and when vulnerabilities are discovered, they need to be patched. Unfortunately, Android OEMs don’t have the best track record when it comes to applying updates.

Take HTC, for example:

So far, HTC has yet to issue any information about an update to the newer version of Android, Android 4.2, for the HTC One or any of its older devices. As for HTC Sense 5, the company has said that some global variants of the device will get the Sense 5 update in the future, devices like the HTC One X, One X+, One S and HTC Butterfly.

In other words, “We don’t know if or when we’ll push out the update to the latest version of Android, but if you have one of our newer devices, get ready for an updated skin!”

This isn’t good for consumers, especially with targeted malware attacks popping up more frequently. We can tell our loved ones all we want not to open unknown attachments or click on links in emails, but let’s face it: Many Android handsets come cheap or free with two-year contracts and average users looking for inexpensive smartphones choose Android. Attachments will be opened and links will be clicked and it’s up to device manufacturers to patch things up.

Google can juice its upgrade numbers all it wants. I’m sure they’ll look mighty fine on those keynote slides at I/O, but what happens when the malware numbers increase and the OEM upgrade numbers stagnate? How does Google fix those?