Of BYOD and Android Fragmentation

This article explains what Android fragmentation is and what issues it poses to OEMs, developers, consumers and, above all, enterprises, especially with respect to security. It also gives IT tips on how to deal with fragmentation, which is not the end of the world, and recommends tools for dealing with fragmentation as well as BYOD security in general.

Currently there are six different versions of the Android OS in use. As per Google statistics, there are nearly 500 million Android devices. Ice Cream Sandwich 4.0 accounts for 29.3% of devices, Jelly Bean 4.1/4.2 for 25%, Gingerbread 2.3 for 39.8%, and other versions for about 6%. As if this were not enough, OEMs (Samsung, HTC and other vendors) add a customization layer on top of the OS to distinguish themselves in the market from other vendors, creating an additional, separate version of Android.

Since the Android OS has to support multiple versions for backward compatibility and make sure that apps developed for 4.x still continue to work on 2.2, the size of the SDK is growing. Each new release of the Android SDK has been significantly larger than the previous one. The Android Software Development Kit (SDK) has increased from 72 MB to 203 MB from versions 2.0 to 4.2, respectively. Device OEMs allocate only a certain amount of space to the OS partition. Once that is done, you can’t physically resize the partition containing the OS. If the new version of Android, plus the OEM's customization skin, is larger than the space partitioned, then the OEM cannot update the device to the new version of Android. In effect, your old model is stuck with an older version of the OS.

Because of the proliferation of diverging variants of the Android platform, the inability of all devices to upgrade to the latest OS, and the goal of keeping all apps backward compatible, apps do not truly run on all of these variants, only on the variant or device for which they were specifically built. This issue is what is called Android fragmentation. The inability to physically resize the partition containing the OS is one of the biggest reasons why fragmentation exists in the Android platform.

So the whole fragmentation scenario unfolds like this: as Google releases a new version, the OEMs need to take that release, rework and customize it, and make sure it works well on all of their models in the market. After the OEM is done with its customization, carriers then have to add their own customization and custom apps, perform tests and create a decent user experience. So what is in it for OEMs and carriers to do this? Not much, and hence you hardly ever see OEMs pushing an upgrade onto your phone.

Is Android fragmentation (AF) a big deal? Not for consumers. The fact of the matter is that you can still make calls, send texts and run the same apps, so why would you care? Of course there are a few apps you can’t run on older versions, and some content (video) can’t be played, but that is a small percentage. Every single app in the Google Play store will work on at least 90% of the Android devices still being used today. So Google probably won't care much either. In reality the average Android consumer has no idea what fragmentation even is.

Then is fragmentation a big deal for app developers? Probably yes, when you try to make your apps run on all variants and on all possible devices (of course you will go nuts, but that is a separate issue! 🙂 )

Is fragmentation a big issue for enterprises? Much more than for the others, if you have enabled BYOD in your organization. Why? Security is a huge issue: every OS variant has many vulnerabilities and, worse, even if Google fixes an issue in its own versions, OEMs and carriers won't take those fixes and push them to their customers, for the reasons mentioned above. It is cumbersome and expensive, and what do they get at the end of the day for doing it? That is the reason why most organizations won't allow Android devices, and that is the prime reason why you see more than 30% of devices in the network being unauthorized. A few organizations set a baseline as part of their BYOD policy. For example, employees who want access to the corporate network and mobile management resources must have at least Android 4.0 installed on their device.

I have seen many security companies parrying the question when it comes to Android fragmentation. There is no easy way out for them. What security will you provide when there are known vulnerabilities in these older OS versions that can easily be used either to steal data or to bring your network to its knees? You can always set a policy on the baseline, but how will you prevent other devices from getting on the network? There are many, many ways to get onto the network, do anything and still go undetected.

Yes, baselining would certainly make life easier for IT in the short term, as they figure out how to support a limited range of platforms with fewer variables, but in the longer term they will need a device- and OS-agnostic security approach, as fragmentation (and vulnerabilities) is not going away. This is where the agentless way (zero footprint on the device) of securing devices scores over all other means.

What is the way out for organizations? Organizations need not support all versions of Android. Decide on a BYOD policy, baseline the devices, create strong mobile policies, research which platforms (or versions of Android) can meet your policy requirements, find an MDM (or maybe even Microsoft’s Exchange ActiveSync (EAS)) that meets the requirements for all the platforms you have selected, have an agentless tool that discovers all unauthorized devices that are trying to get into the network and pulls them into the safety net of the MDM or EAS, train employees on safe usage, and then allow them to connect to your network!
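As an added example (not code from this article or from any product it mentions), here is one agentless way to apply the Android 4.0 baseline: read the Android version out of User-Agent strings seen at a web proxy and cross-check each device against the MDM enrollment list. The log format, MAC addresses and enrollment list are constructed assumptions.

```python
import re

BASELINE = (4, 0)  # minimum Android version from the example policy above

# Constructed sample data: "<client MAC> <User-Agent>" per line (assumed format,
# e.g. proxy records already joined with DHCP leases).
PROXY_LOG = """\
aa:bb:cc:00:00:01 Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 Build/GINGERBREAD) AppleWebKit/533.1
aa:bb:cc:00:00:02 Mozilla/5.0 (Linux; Android 4.1.2; Nexus 7 Build/JZO54K) AppleWebKit/535.19
aa:bb:cc:00:00:03 Mozilla/5.0 (Linux; U; Android 4.0.4; en-gb; GT-I9100 Build/IMM76D) AppleWebKit/534.30
aa:bb:cc:00:00:04 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
aa:bb:cc:00:00:01 Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 Build/GINGERBREAD) AppleWebKit/533.1
"""

# Constructed set of MACs already enrolled in the MDM (assumption).
MDM_ENROLLED = {"aa:bb:cc:00:00:02"}

ANDROID_RE = re.compile(r"Android (\d+)\.(\d+)")


def classify(log_text, enrolled, baseline=BASELINE):
    """Return {mac: status} for every Android device seen in the log."""
    result = {}
    for line in log_text.splitlines():
        mac, _, user_agent = line.partition(" ")
        match = ANDROID_RE.search(user_agent)
        if not match:
            continue  # not an Android device; out of scope for this policy
        version = (int(match.group(1)), int(match.group(2)))
        if version < baseline:
            status = "block: below baseline"
        elif mac.lower() in enrolled:
            status = "allow: enrolled"
        else:
            status = "quarantine: enroll in MDM"
        result[mac.lower()] = status
    return result


if __name__ == "__main__":
    for mac, status in classify(PROXY_LOG, MDM_ENROLLED).items():
        print(mac, status)
```

User-Agent strings are supplied by the client, so treat the result as a discovery signal that routes a device to enrollment, not as proof of its OS version.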

[About the author: Manjunath M Gowda is founder and CEO of i7 networks.]
