On Thursday, April 3, Facebook announced plans to release a new software overlay called Home for certain Android phones. Home would essentially turn these phones into Facebook phones by converting users’ home screens to a version of their Facebook news feed called Cover Feed. The software is not a new operating system, as some pundits predicted, but rather sits on top of existing versions of Android. Nonetheless, it could be the latest sign of a fragmentation of the Android operating system that threatens to create new roadblocks for developers and introduce software security challenges.
Android has suffered from fragmentation problems for several years since the introduction of the 2.x version of the operating system across multiple carrier devices, a recent ZDNet article noted. Devices such as Amazon’s Kindle Fire and hybrid systems such as BlackBerry OS 10, which uses a port of Android Dalvik 2.3.3, have introduced additional forks of the Android operating system, creating issues for developers as they attempt to test for compatibility on different devices and OS versions.
This fragmentation has also introduced software security issues, a recent PC Magazine article reported. According to data from Google, 44 percent of Android users are on “Gingerbread” versions 2.3.3 through 2.3.7, which are known to contain multiple vulnerabilities. In contrast, just 16 percent are using “Jelly Bean” versions 4.1 or 4.2, which have been out for months.
In many cases, updates are restricted by carriers and device manufacturers, whose software add-ons and configurations create compatibility issues, PC Magazine noted. New versions of Android must be tested against proprietary Android overlays such as Samsung’s TouchWiz or Motorola’s Motoblur before they are rolled out to users. With many people continuing to run outdated and unpatched software, cybercriminals have easy access to a large user base.
“You don’t need a zero-day to attack most Android devices if consumers are running 13-month-old software,” security researcher Chris Soghoian said during a panel at the RSA Conference, according to PC Magazine.
How Facebook adds a new layer of complication
Facebook’s Home overlay could increase the fragmentation of Android, ZDNet’s Jason Perlow wrote. While it is not a new Android fork, but rather a user experience overlay similar to TouchWiz or Motoblur, it will likely add new features that violate Google’s terms of service as it looks for monetization paths. For instance, it might enable in-app extensions or leverage features that could allow applications to be installed without Google Play approval. If this happens and Facebook gets removed from Google Play, it would make sense for Facebook to introduce a sideloaded app store, such as the one Amazon already runs on Android.
As other Android OEM partners such as Samsung invest in their own proprietary apps that replace core Google-supported Android functions, they may do the same, Perlow added. The potential for Samsung, Amazon and Facebook to all end up creating their own full-scale Android forks, then, is high.
“Samsung and Amazon will almost certainly introduce new libraries and new APIs in order for developers to take advantage of the distinct features of their respective Androids,” Perlow wrote. “And Facebook Home, as it evolves, will also extend its tendrils into the OS in the very same way. This is how the road to fragmentation hell is paved.”
At the same time, less influential Android OEMs such as LG are likely to stick with official Google releases, while Chinese manufacturers such as ZTE, Lenovo and Huawei may introduce their own Android builds that support domestic standards. The potential for anywhere from four to six distinct Android forks to emerge is considerable, Perlow speculated. And tension created as a result could create new compatibility issues with APIs and OS extensions.
“The future of the Android developer ecosystem is fiefdoms controlled by powerful warlords,” Perlow wrote.
While this take might be a little extreme, increased fragmentation will likely result in a situation in which developers find themselves having to test for compatibility across even more versions of Android. Additionally, managing software security will become even more complicated. Tools such as source code analysis software may be able to help smooth over potential interoperability bugs, but challenges could persist. It remains to be seen how Facebook’s Home will actually impact the overall Android landscape, but Android developers will want to pay close attention as the social networking giant makes a play for the mobile space.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.