Recently shaken by a security scandal involving mobile devices that could be hacked by a malicious text message without owners being aware of it, Google has promised to make efforts to regularly update the security systems of its Android operating system. While this is a step in the right direction, actually improving Android security is a complicated endeavor.
As I've previously noted, simply issuing a software update to shore up a hole is not an option for Google, or at least not one that is completely effective. Where a company like Apple can update the security or anything else on it's mobile devices fairly quickly due to the fact that Apple is vertically integrated into hardware and software (both making the phone and the programs that run them), Google's Android system operates on phones from many different manufacturers and in many different ways.
This means that pushing out security patches can be much more difficult for Google, and require a great deal of coordination. This is evidenced by the fact that a patch for the text message hack mentioned above was available earlier in the year, but was only released to the public when Google and phone manufacturers failed to act fast enough.
Adrian Ludwig, Android's lead security engineer, announced that Nexus devices, which are made by Google, will receive regular, monthly updates focused completely on security. While this only guarantees a small portion of the Android market will receive regular updates, it is setting a standard that other makers and manufacturers seem keen to meet. Samsung, makers of phones and devices that fill a much larger portion of the Android market, also recently announced an ambitious security update plan. Hopefully other manufacturers will follow suit,
So while the Android security plan still seems disorganized, it is a disorganization that is at least concentrating more on addressing the vulnerabilities in its market.