Data collected by Google towards the end of last year indicates that a vast majority of products using the Android operating system have not adopted the latest update. Android 8.0 “Oreo” was present on 0.5 percent of Android devices as of December 11, 2017. It is surpassed by six out of the previous OS upgrades, and only outranks the second version, “Gingerbread.” The previous three releases still account for almost 80 percent of all Android devices, with Android 6.0 “Marshmallow” with the majority at 29.7 percent.
Fragmentation has reportedly become a repeat issue for Google’s Android. Smartphone manufacturers typically lag behind OS launches from Google for up to years at a time. Apple products, in contrast, have maintained more consistent compliance with the latest iOS updates. However, that may be in part due to Apple’s closer control of upgrades to the iPhone, as well as the short launch times between new Android versions.
Adoption of the newer OS versions are slowly increasing, though mostly for those two or three generations removed from the latest upgrade. This trend can become even further complicated by a recent move by Google to push for “rollback protection” to be included in new smartphones hosting Oreo. Ostensibly to protect against security flaws in older systems, it prevents anyone attempting to break into the device by rolling it back to a previous version by blocking a downgraded system from booting. However, this function also might prevent vendors and users from migrating newer devices to older releases, though it can be disabled manually.
Rollback protection highlights a problem inherent in not complying with updates for any networked device. In this age of constant phishing scams and ransomware, hackers are always trying to find loopholes that are left open by human error. Keeping up-to-date with the latest software can be one of the best methods to ensure a backdoor vulnerability does not leave your data open. However, for many mobile devices, compliance falls on the manufacturer side so that consumers cannot always enforce adherence to security updates themselves.