Not All Android Security Updates are Equal

Not All Android Security Updates are Equal

In today’s marketplace, Cybersecurity is a top priority for each enterprise as they consider the acquisition of ruggedized mobile devices. Every new cyberattack is an important reminder why keeping your Android operating system (OS) up to date is so important. That’s why it is critical to keep all of your software and handheld devices up to date.  Operating system updates improve the end user experience, can improve productivity, and provide essential security. An operating system like Android may be the most complex piece of software you have.

The Security best practice, backed by Google Android, is to keep devices on the latest OS version and maintenance releases.  Android typically supports an OS version for 3 years.  Even during the Google support period, not being on the latest OS version means you don’t have the latest security because MANY security feature-adds that come with a new OS version are not backportable to prior OS versions.

Each new Android OS contains critical and significant improvements along with important security and privacy enhancements. These are updates that go far beyond bug fixes. Android also introduces expansions and restrictions to APIs, which permit third-party apps to interact with your devices and data and perform a variety of advanced functions.

If you’re not upgrading your OS after that, you are at risk.   Some other OEM devices only provide backporting (applying patches to an old OS version).  The fact is, backporting to old OS versions is NOT a security best practice, and by definition is less secure. By design, prior OS versions, even only one year old, do not have the latest security features.

Backporting to Older Android OS Leaves Your Company CyberSecurity Exposed

At Honeywell, we believe that anyone promoting backporting over OS upgrades does not have the customers best interest in mind. Honeywell works closely with customers to make it as smooth of a transition as possible to upgrade from one Android OS to the next.  Here’s why

  • Android uses an incremental approach.Each version builds on the last, maintaining backwards compatibility, making maintenance and upgrades easier.
  • The only way to receive the best available security and features are through the latest OS version
  • When following Android best practices, little to no adjustment should be needed beyond updating the device OS version.

Honeywell customers have the choice to decide when it is their best interest to upgrade.  Backporting is the action that takes parts from newer software and applying it to an older version of software.  It is important to understand that many changes cannot be backported to prior OS versions. These often include

  • Privacy features
  • New features, including new security features

Honeywell offers backporting service only as a last resort, as some customers have situations in which are delayed or decided to stay on old OS version. Why would a company decide to stay on an old Android OS? Some common reasons include:

  • They have been led to believe that it’s not a big issue, that patches are OK, like Windows.
  • Companies have made the false assumption that updating Android versions requires an effort like updating Windows did.In reality, Google’s approach to Android is different than Windows.
  • Companies have developed their own applications that weren’t developed using the best practices and need to be updated in order operate on a newer OS version.

Bottomline: Backporting leaves your devices with a security gap because not all OS changes/updates can be patched. And the older your OS the more risk you have of being exposed to cybersecurity threats.

Security Patch Backporting and OS Version Updates: Are they the same?

Backporting a security patch is not the same as applying a new Android version.  Backporting is essentially taking parts of newer version of a software system or software component and porting them to an older version of the same software.  It is used for fixing security and feature issues in older version of software.  It’s an attempt to extend the useful life of an operating system by a few years.

Hidden Issues with backporting. Some have the false belief that security patches and backporting are complete solutions, not understanding the gaps, and that hackers know of these gaps.

  • New OS features not available for backporting. New security features included in new OS versions are not inherently made available to backport to earlier OS versions.
  • Incomplete security patching. Vendors cannot guarantee that every vulnerability found in newer Android versions can and will be backported.Backporting is only possible where the functionality previously existed and/or the update does not impact the integrity of the platform.
  • Processor level vulnerabilities. Patches for proprietary low-level processor code must come from the chipset vendor and may not be available for older OS versions.
  • Lack of new security features. Customers relying on older Android versions can't take advantage of security features added to newer versions.

Honeywell Mobility Edge is the leader in Android version support providing the best available security, features, and lifecycle duration of any ruggedized device in the world. Honeywell is deeply committed to the longevity and quality of the Mobility Edge platform. The following products are built on the Mobility Edge platform: Honeywell™ CT40, CT40XP, CT60, CT60XP, CN80, CK65, RT10A, Thor™ VM1A, and VM3A.

Contact a Honeywell Solutions Expert today! Call 1-800-934-3163

Barry J. Ewell

Barry J. Ewell is a Senior Content Marketing Communications Specialist for Honeywell Industrial Automation. He has been researching and writing on supply chain topics since 1991.