Don't Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle

Presented at Black Hat USA 2011, Aug. 4, 2011, 3:15 p.m. (75 minutes)

A new Android vulnerability is discovered today. When will the phone in your pocket be patched? To answer this question and many more, we studied firmware update events across millions of Android devices around the world. As it turns out, updating mobile devices is significantly more complex than updating in the desktop world.

Android has become a top player in the smartphone explosion. Its success is due in no small part to its openness and flexibility, enabling an entire ecosystem of unique devices built on an open-source core. This proliferation has not been without the challenge of fragmentation. In this talk, we survey what it takes to push a security update in the Android ecosystem, study prominent vulnerabilities that have affected the platform, and examine the patch history and current state of prominent devices to answer the question: What is the half-life of a vulnerability on Android?

