I usually love podcast host Dan Benjamin and most of the shows I've sampled from his 5by5.tv network, particularly Hypercritical with co-host John Siracusa. But Benjamin's Build & Analyze show, which features Apple software developer Marco Arment, is filled with so much misinformation and disinformation about Android that it's an embarrassment to the entire line up.
On yesterday episode, Dan and Marco, aka the Former Mouth of Brooklyn, discussed a newly discovered security vulnerability in Android phones made by HTC. I also posted about it the other day. Basically, a recent software update from HTC added a program to log lots of sensitive user data. And HTC failed to lock down the data, making it relatively easy for a malware app on a user's phone to get access and possibly send it off to bad guys to do bad things.
Key point: the vulnerability was created "in recent updates to some of its devices" by HTC.
After freaking out a bit about the problem, Marco started laying on the misinformation pretty thick:
"Android devices after they've been sold almost never get software updates."
"Most of the phones affected by this will probably never be updated." (Prompting Benjamin to chime in "There will always be this problem, forever.")
"A very big chunk of Android phones sold in the last few years is manufactured by HTC and this appears to affect all of them."
"It hasn't been a problem so far because no one had discovered a massive security vulnerability in Android."
So here's the first problem for the freak-out reaction: if Android phones are never updated, then almost no one is affected by the new vulnerability which was included in an update. If Arment was correct about updates, he shouldn't be making a big deal out of this.
Turns out, however, there have been plenty of Android software updates and there will soon be another one to close this exploit.
Arment's also ignorant about the history of Android malware and the rapid reaction from Google. Back in March, a more serious live exploit known as "DroidDream" was discovered in the Android app market. Google acted quickly, removing the offending apps within minutes of being notified, issuing a software patch to all Android devices affected and remotely wiping the malware apps from phones of users that had actually downloaded them. In May, Google acted again with an update pushed out to all affected users.
Yes, there have been slow downs getting software updates with new features through the carriers and out to users. But that hasn't been the case with security updates.
And it's simply not true that Android phones never get updated. HTC is best of all Android manufactures with updates in general, having upgraded 13 devices to the current 2.3 "Gingerbread" version this year. Surely there's room for improvement in the speed of updates -- an issue Google is well aware of -- but to say Android phones never get updated is flat out wrong.
Still, Arment never lets ignorance get in the way of a good rant, here about the Android app Market:
"It's like the Wild West in Android. There's no law. Everyone's kind of doing their own thing. It's horrible really."
Unlike Apple, Google does allow apps into its market without prior approval and vetting. And that policy is controversial and worthy of debate. Apple's prior review policy, on the other hand, could slow down security updates for individual iOS apps. But to claim that Google has no rules or laws in the app market is just wrong. Offending apps get removed all the time, as was the case with DroidDream.
Unfortunately, Benjamin decided to join in with another whopper:
"Just go search for Angry Birds. Good luck finding the real Angry Birds. That's how hard it is."
Here's a screen shot of such a search. See if you can spot the actual Angry Birds game.
Finally, it's worth noting that many Apple iPhone customers may actually be at a disadvantage in terms of quickly getting security updates. That's because iPhones have to be synced with a computer to get updated and about half of iPhone owners have never synced their phones. Android updates, both for the overall OS and for individual apps, arrive over-the-air directly to the phones and thus aren't reliant on the diligence of their owners.
So here's hoping Dan and Marco can clean up their act when it comes to discussing Android.