In terms of operating system security, the Android system is relatively poor. It is not that Google did not fix the vulnerabilities in time, but that the Android platform is too fragmented.
There are at least four major versions currently active on the Android platform, and Google can only guarantee to release security updates to the latest version of Android every month to fix known security vulnerabilities.
Even so, because many OEM manufacturers update slowly, many users’ devices cannot be updated in time, and even some devices have never been updated since their release.
This has caused many users to have the illusion that the security of the Android system is not as good as that of Apple or even Microsoft, and there are cases where some manufacturers modify the system to cause security holes.
For example, in the vulnerability rankings recently released by thebestvpn, Android has become the second most vulnerable operating system in the past 20 years, and the system with the most vulnerabilities in 2019.
An official Google spokesperson responded to the matter by stating that the company is committed to increasing transparency and issuing monthly security announcements on the Android system to improve ecological security.
However, Google does not agree with the number of resolved security holes as a basis for measuring system security, which is actually the result of the open operation of the Android ecosystem. In a statement to Fast Company, a spokesperson from Google for Android said:
We’re committed to transparency and release public security bulletins monthly on issues that have been fixed in Android to harden the security of the ecosystem. We disagree with the notion that measuring the number of security issues fixed in an OS is any indication of the security of the platform. This is actually a result of the openness of the Android ecosystem working as intended.
As an open-source operating system, Android is freely available to other manufacturers, which also means that Google directly loses the ability to coordinate software and hardware at the same time.
As a result, Google cannot directly provide software updates to all Android devices to fix security vulnerabilities, and manufacturers have introduced more and more vulnerabilities when customizing their systems.
Many manufacturers customize drivers for compatible hardware or the hardware itself has defects, and these vulnerabilities are also counted as security holes in the Android system.