Fragmentation is root cause of Android's recent malware problems

The revelation that Google has pulled 58 malicious applications from the Android Market after they infected over a quarter of a million devices brings the promise, potential and future of the Android platform into question. The threat of mobile malware is no longer theoretical or a way for iOS users to bash Android. It's a very real concern.

Before I criticize Android, I'd like to say that Android does a lot of things very well. This article is not about that. I must also perform the obligatory smartphone disclosure, so that all my biases can be addressed in advance. In the last five years I have owned a Sidekick, smartphones running Windows Mobile 5 through 6.5, a few Nokia mobiles, a Blackberry, several Android devices and most recently a Windows Phone 7 smartphone.

Carriers' and Android OEMs' Misguided Priorities

As you might have gathered, my devotion is first and foremost to early adoption, exploration and innovation. Bring something new to the table, and I'll give it a chance. That being said, it seems the rate of OEM hardware development and Google software development -- in order to reach feature and market share parity with iOS -- has overheated the dessert-themed engine that is Android.

I say this because the two handsets most assuredly safe from the vulnerabilities are the Nexus One and Nexus S, which are niche devices by Google's own admission and run the newest Android versions. According to Google's own numbers, at least 42.4 percent of Android phones are below Android 2.2, leaving them fully exposed (only devices running Android 2.2.2 are safe from last week's Android Marketplace infected apps). Google recognized this and has taken the unprecedented action of remotely patching the affected phones. This is starting to feel very much like Windows XP.

The blame for this failure falls directly on all three levels of the mobile ecosystem:

  • Blame the manufacturers who endlessly skin Android, making it harder to uniformly and easily update while abandoning released phones to focus on the latest and greatest.
  • Blame the carriers who use the outdated model of 24-month contracts and subsidized phones to lock in customers with little concern for updates once the subscriber's name is on the dotted line.
  • Blame Google, which has faltered at getting its partners to upgrade released phones and at keeping firm control of the Android Market. Gingerbread has been available for over three months and is used by a paltry 0.8 percent of Android users. That is simply unacceptable.

I have many issues with Apple's paradigm of computing, but its vertical integration and level of control have become an undeniable asset that ensures that more than 0.8 percent of iPhone users will be on the latest version of iOS three months after its release.

What makes this even more frustrating is the fact that many of these phones can be updated but are simply left to die. For example, the fact that the G1, the great Adam of the Android line, managed to get a semi-functional Honeycomb port shoehorned onto it shows that many of these phones can receive updates. Do I expect carriers to update smartphones for the life of a 2-year contract when the average phone is used for around 18 months? Of course not, but there were a few OEMs as well as a carrier that didn't update a single Android phone in 2010. Not one. For the entire year. See Android's 2010 updates by OEM and by carrier.

The myTouch Slide 3G I bought nine months ago remains with the version of Android 2.1 it came with out of the box. The lack of upgrade communication frustrated me enough to switch to the HTC HD7. Obviously, Windows Phone 7 isn't perfect but the fact that Microsoft is trying to control the update process was enough for me to switch.

What's worse -- it's only going to get more confusing. Android 2.3 is supposedly going to become 2.4, which will take some of the features of 3.0 but still be called Gingerbread. However, Android 4.0, aka Ice Cream, will aim to merge the tablet and phone editions to create the magical centaur of Android. So if you buy an Android 2.2 smartphone today, what is your upgrade path? 2.3? 2.4? 4.0? I guarantee this year you will see Android phone owners struggle to get a 2.2 or 2.3 update while version 4.0 hits a Google Nexus One, S or their successors.

Caught between Häagen-Dazs and Honeycomb

Now that Android has moved beyond the realm of niche enthusiast OS into mainstream market leader, the issue of fragmentation must be addressed. The enthusiast refrains of 'root your phone!' and 'XDA' are not mass-market solutions for people who don't want warranty-voiding homebrewed ROMs or don't understand the difference between Häagen-Dazs and Honeycomb.

With equal blame to go around, I would like to present changes each party could make to improve the Android ecosystem and keep users feeling safe and remembered after buying their phones:

1. Carriers

Shift to 12-, 18- and 24-month contracts. Smartphone technology is moving too fast for the tech enthusiast to sit on a two-year contract. By offering increasingly subsidized contracts based on the length of commitment, customers can sign up based on their level of interest in new handsets and avoid being trapped on any given phone.

Create a trade-in and early upgrade process for orphaned phones. If a phone has not been updated to a new Android version in the first year of the carrier contract, the owner should be eligible to receive trade-in value on the abandoned phone and/or a discount on another smartphone.

These low-end smartphone devices that Google CEO Eric Schmidt is so passionate about are usually the first to be deleted from the upgrade list. In fact, Motorola just canceled a slate of promised Android updates. These phones should not be dead ends for users.

2. OEMs

Remove Android skins. Hopefully handset manufacturers will soon realize that the best differentiator they can create is not a performance-handicapping skin but a pure version of Android that receives updates as soon as possible. Carriers should be showing off how quickly their phones get the newest Android goodies, not their shiny stock/weather/calendar widget.

Charge for updates. This might seem controversial since Android is open source. However, manufacturers are not updating phones because there is no profit motive. The novelty of an OS update can provide new life to a phone and do lots to satisfy current owners and to build brand loyalty.

3. Google

Talk to the OEMs. Last year's example of LG having to reverse their claim of their Optimus line being ineligible for Gingerbread is a common example of the miscommunication. Someone using Android as his or her main smartphone OS should understand its spec requirements. Google needs to make its software roadmap clear and seek to stop manufacturers from releasing handsets running the previous version of Android a week before Google updates the system.

Resurrect the original Nexus model concept. Google had ambitious plans for the Nexus One but had those quickly squashed as it tried to roll out the smartphone across the four U.S. carriers. However, Google had it right -- a uniform set of hardware with updates controlled by the software provider improves security and keeps everyone on the cutting edge of Android.

What suggestions do you have for carriers, OEMs or Google that will rectify Android's fragmentation and improve developers' and users' trust in the platform?

If you're a Betanews reader and would like to express your point of view more broadly (e.g., meaning so it's not lost in comments), please email joewilcox at gmail dot com. We want to post more stories from readers like Hussain Rahim.

Hussain Rahim is a digital media, online advertising and marketing communications professional who is currently completing his MBA in marketing and international business. He is a Betanews reader with a severe addiction to smartphones and a general love of technology. Please follow him on Twitter @HuRa.
