Google – Cookie crumbles

Reply to this post

RFM AvatarSmall

 

 

 

 

 

I see no solution to Google’s problems in Android O.

  • Google has released a developer preview of the upcoming Android Oreo (Android 8.0) software, but I can’t see anything here that will help solve either the endemic fragmentation or Google’s chronic inability to update its own ecosystem devices (non-Pixel).
  • The preview of Android O headlines with a series of tweaks that provide incremental improvements to the user experience as well as API upgrades to enable developers to write better apps.
  • A few of these upgrades include:
    • Notifications: tweaks to make notifications easier and more consistent to manage.
    • Autofill framework: includes browser like autofill for commonly used data such as name and email.
    • Picture in Picture mode which is already available on Android TV will now be available to phones as well.
    • Adaptive Icons which can change their appearance depending upon which device they are being displayed.
  • These are all well and good and represent steady improvements in the user experience, but they do nothing to solve the two big issues that continue to hamper the Android user experience thereby keeping usage lower and users less loyal when compared to iOS.
  • These are:
    • First endemic fragmentation: There are thousands of different implementations of Android which behave differently and result in variations in the user experience.
    • RFM research indicates that this variation creates user frustration, lower usage and lower loyalty.
    • Second software distribution: Google has no control over the updates that are applied to the devices that run its ecosystem on Android.
    • This means that it takes up to four years for new software to fully penetrate its user base.
    • This gives rivals plenty of time to copy Google’s innovations and put them into their devices long before Google’s own innovations reach the hands of users.
  • I have long believed that both of these problems are largely responsible (more than demographics) for the much lower usage experienced by Android devices in general.
  • Google’s Android revenues are dependent on usage and I think that these issues are substantially limiting Google’s monetisation potential on Android.
  • This is why I have long held the opinion that Google must take Android fully proprietary to fix these problems and begin to realise its full potential when it comes to monetisation (see here)
  • I am still hopeful that we will see announcements that quietly take Android in this direction at Google i/o this year but the indication from this preview is that i/o 2017 could be yet another year of ignoring the elephant in the room.
  • I remain pretty cautious on Google, preferring instead Microsoft, Baidu and Tencent.

Android Security – Swiss cheese pt. V.

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Leaks look dated but still push Google towards proprietary Android.

  • Even if Google could quickly fix the vulnerabilities in Android that are being exploited by state sponsored hacking, it would be around 4 years before the majority of Google Android users were protected.
  • WikiLeaks has released 8,000 pages of documents that supposedly reveal all the tricks and hacks used by UK and US security services to turn ordinary consumer electronics products into surveillance devices.
  • iPhones, Android smartphones and Samsung TVs appear to be most specifically targeted but I have a feeling that this data is not comprehensive and may actually be considerably dated.
  • This is for two reasons:
    • First: there is no evidence in the leaked documents that any of the Android exploits apply to any version later than 4.4 (KitKat) meaning that 65.5% of Android devices may be unaffected by any of these revelations.
    • This leads me to think that these documents might in fact be very dated as I find it very hard to believe that vulnerabilities in Android suddenly went to zero with the release of version 5.0 (Lollipop) in 2014.
    • Whether these exploits were already known and have already been patched or whether these are new vulnerabilities is unclear at this time.
    • Second: Experts that have looked at the leaked iPhone vulnerabilities have stated that almost all of the leaked vulnerabilities are known and have in all likelihood already been patched.
    • Consequently, it seems likely that anyone running iOS10+ is already immune to these exploits.
    • Again, I find it difficult to believe that the occurrence of vulnerabilities has ceased and that these leaks could relate to pretty old data.
  • Mobile security firm Check Point is of the opinion that this leak may be snapshot of exploits used in early 2016, but I think the Android data indicates a much earlier point in time.
  • To make matters more difficult, assuming there are new exploits in this leak, no code has been released meaning that Google will have to search through millions of lines of code to find the exploits referred to before they can be patched.
  • Furthermore, even when Google has found these vulnerabilities and fixed them, it will then take around 4 years for these fixes to make into the hands of all Google Android device users.
  • This is for two reasons:
    • First: Most Android devices are not updatable.
    • Android is a commoditised, brutally competitive market meaning that in the mid-range, every cent of cost matters.
    • Making a device updateable means that extra resources have to be added to the device which are never reflected in the price.
    • Consequently, the vast majority of Android devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.
    • Second: Google has no control over the update process for any of the devices that run its services.
    • It can update Google Mobile Services (GMS) from Google Play but lower level system updates (Android) are controlled by either the maker of the device or the mobile operator.
    • Google has no power compel these entities to update their devices and only has control of updates for its own, Pixel and Nexus devices.
  • It seems possible that this data leak represents some of the oldest and least relevant tools used by state sponsored hackers which is going to put even greater pressure on Apple, Google, Samsung to ensure that their software is watertight.
  • I think that this represents yet another reason for Google to take Android proprietary as having complete control over the code will enable it to quickly fix and distribute any vulnerabilities it identifies.
  • It will also enable Google take greater control of the user experience resulting in a more consistent, fun and easy to use experience for its ecosystem users.
  • I continue to hope to see signs of this at Google i/o in May this year.
  • I still think that Google is more than fairly valued and prefer Microsoft, Baidu and Tencent with Apple for long-term, income based investors.

Jolla – Safe(-ish) anchorage

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Sailfish finds a life line with the Russian government. 

  • The hardy sailors at Jolla have had a pretty stormy couple of years but their ship may have found safe-ish anchorage in Moscow.
  • At the end of 2015, Jolla joined the stagger of zombies (see here) when it ran out of money and had to pause its operations.
  • However, in May this year it secured $12m in funding and has recently won a battle with Samsung’s Tizen to be selected by Russia’s Ministry of Communications as its mobile platform of choice for Russia.
  • Sailfish has benefitted from the increasingly frosty relationship between Russia and the US where the fact that Sailfish has nothing whatsoever to do with any of the US-based platforms was a major plus.
  • Local search player, Yandex does not have the advantage that the BATmen do in China where there is a firewall to keep foreign services from being present in the local market.
  • Hence, Yandex is up against Google and has a big incentive to see devices in the market where Google services are absent.
  • This is because Google’s commercial agreements make it very difficult for competing services to be the default option on the device when it reaches the user.
  • Sailfish was also able to beat out Yun OS which is Alibaba’s proprietary fork of Android because, although the OS is secure, the SDK for developers still comes directly from Google.
  • Sailfish also has the advantage of being able to run Android apps using an emulator called Alien from Myriad Group
  • However, because it is an emulator, there are issues with the performance of those apps and games in particular.
  • While Jolla has done well to secure the backing of the Russian government, it is no guarantee that it will see any success in the market.
  • The key will be how well Sailfish can work with services from Yandex which is the local leader in search and has a series of Digital Life services that are applicable to the local market.
  • To make this work effectively, Yandex services will need to be ported to Sailfish which is where a start-up. funded by the head of ESN Energy, called Open Mobile comes into play.
  • This start-up has adopted Sailfish and aims to integrate Russian specific services onto Sailfish to increase its appeal locally.
  • The key to the success or failure of this venture will be how well a Sailfish device can cover the Russian Digital Life pie and how well it fares against RFM’s 7 Laws of Robotics.
  • To date Sailfish has scored poorly on these measures as there has been no real ecosystem available, just an operating system.
  • Furthermore, I think that the backing of Yandex and the local operators will be of crucial importance as the platform will need a big marketing push to raise its awareness with Russian users.
  • Jolla is still running on financial fumes but it now has a chance to see some income should it gain some traction in the local market.
  • In that regard its fate lies in the hands of the Russian operators and Yandex.

Android Security – Swiss cheese pt. IV

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Another horrible hack that Google is powerless to address. 

  • The worst part of this latest breach is that the hackers are targeting vulnerabilities in Android that have been well known for some time which no-one appears capable of fixing.
  • This only serves to reinforce my view that Google’s only way out of the nasty mess of Android fragmentation where virtually no phones can be properly updated remains to take Android fully proprietary.
  • 3m Google users appear to have had their accounts stolen which are now being used to generate $320,000 per month in fraudulent advertising scams.
  • The Gooligan exploit is a variant of Ghost Push which came to light in September 2015 some 14 months ago meaning that there has been plenty of time to issue a fix.
  • The problem with Android is not that it has any particular flaws that make it less safe than iOS or Windows but that none of the fixes for these problems ever make it onto the affected devices.
  • There remain two reasons for this:
    • First: The infrastructure for updating Android devices is horribly fragmented with each manufacturer or operator having control if its updates.
    • With all the different variations and add-ons, extensive testing is required to ensure that the variations and add-ons don’t break when the phone is updated.
    • Furthermore, because none of these players own the end relationship with the customer they have no incentive to improve it.
    • I think that this is Google’s most pressing problem (see here).
    • Second: Most Android handsets cannot be updated.
    • Android is a commoditised, brutally competitive market meaning that in the mid-range, every cent of cost matters.
    • Making a device updateable means that extra storage and memory must be added to the device which are never reflected in the price.
    • Hence, the vast majority of Android devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.
  • The net result is that there is very little prospect for owners of these devices ever to be free from this problem or any of the others that have emerged for Android without buying a new device.
  • This is far beyond the means of most Android users meaning that they will constantly be exposed to any new threat that emerges with little prospect of it ever being fixed.
  • This is just another reason why usage of Android devices is likely to continue trailing that of iOS and why these devices are likely to yield a much lower return for the ecosystems that run upon them.
  • For example, RFM estimates that Google can earn $31.6 per user per year from an iOS device whereas its own Android devices can only generate $14.0 per user per year on average.
  • Part of this is due to the differences in demographics between the two ecosystems but I am certain that most of it is due to the fact that Android devices are more difficult to use, less secure and as a result generate much less traffic.
  • Consequently, I think that Google has to take control of Android because in its current state, it is very unsecure where very little is likely to change.
  • I continue to believe that this may happen in 2017 as Oracle has provided Google with the perfect excuse to do so (see here).
  • I remain pretty cautious on Alphabet preferring instead Tencent, Baidu and Microsoft.

Google – Pilgrim’s progress.

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Google advances further towards full control of Android.

  • It appears that mobile operators ranging the Pixel and Pixel XL will not be customising the devices in any meaningful way as well as relinquishing control of software updates.
  • This will allow Google to move one step closer to full proprietary control of the software that runs its ecosystem.
  • Ever since the launch of the Pixel there have been fears that mobile operators would fill Pixel with “bloatware” that would degrade both the experience and the performance of the device.
  • Many mobile operators have spent over 10 years trying to generate differentiation for themselves through this route but they have all failed as the services that they have offered have not delighted users in any way.
  • The services’ software has also almost always required substantial modification with every revision of Android meaning that operators often take months to update the devices in their networks, if ever.
  • Furthermore, because many of these services were installed as part of the factory software build, users could not uninstall them.
  • However, with the Pixel devices, Verizon (and I suspect Telstra and everyone else) will be updating the devices at exactly the same time that Google does.
  • This leads me to believe that mobile operators carrying the Pixel have, handed over control of updates to Google with their own modifications being no more than services that users can get from Google Play.
  • With the issue of liability should a Google update kill the device, I suspect that Google has taken liability for the Pixel updates.
  • I see this as another significant step by Google in taking the Android code that runs its ecosystem devices proprietary like iOS or Windows Phone.
  • This will fix the two most pressing problems that it has in Android which are:
    • First: endemic fragmentation which hampers the user experience.
    • Second: inability to update the vast majority of its ecosystem devices.
  • I suspect that in return for ceding complete control to Google and providing marketing support for Pixel, operators have no liability for the device and receive a share (TAC) of revenue that Google generates from the device.
  • This should help them offset the pricing pressure that they are feeling from being little more than commoditised packet pushers as well as the pressure being felt in roaming rates.
  • I have long believed that the shortcomings of Android are largely responsible for the fact that Google generates less than half the revenues from an Android user than it does an Apple user.
  • By taking complete control of Android, Google should be able to put these issues to bed and thereby increase the revenues that it can generate per Android user.
  • This could be a source of meaningful extra growth for Google which should help offset the impact of falling growth in its total user count.
  • Unfortunately, in the grand scheme of things Pixel is likely to be only a tiny proportion of Google ecosystem devices meaning that Google has to extend its control across the rest of the platform.
  • All the signs are that this will begin in earnest in 2017 where Google has a perfect opportunity to blame Oracle (see here) when developers complain about the loss of open source code.
  • I think that at $784 Alphabet shares are already reflecting success at driving greater revenues per Android device and are not reflecting any long lasting damage from the EU investigation.
  • This is why I see more downside than upside in Alphabet and continue to prefer Baidu and Microsoft.

Google Android – Useless genius

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Another great service that is effectively useless. 

  • Google has launched a new service that has the potential to deliver incredible value to Google but the limitations of Android render this stroke of genius effectively useless.
  • Google has updated its search app on Android such that it can now search for and categorise content and data within apps and services that it does not own.
  • This provides the user with a useful tool for searching his device and gives Google the ability to collect data from Digital Life services that it does not own.
  • This is a variant of Google’s Now on Tap service which allows context based search from anywhere on the device (see here).
  • I have long believed that this is a stroke of genius as Google currently only has 41% coverage of the Digital Life pie but this feature allows Google to collect data as if it owned 100%.
  • The net result will be greater understanding of its users and better targeting of its advertisements meaning higher prices, driving revenues and better margins.
  • Unfortunately, this service requires low level changes to be made in the Android Open Source Package (AOSP) meaning that the device has to have version 6.0 (Marshmallow)or later in order for this service to work.
  • The “in App” search also requires Marshmallow meaning that it will effectively be useless for several years to come.
  • This is because although there are 920m Google Android users, only a tiny fraction of them have a device that runs Marshmallow.
  • Furthermore, RFM research indicates that the vast majority of Android handsets cannot be upgraded to the next major release of Android meaning that to get Marshmallow the user needs to replace his device.
  • This gives competing ecosystems plenty of time to study the innovation, download the source code, improve it and get it to market years ahead of Google.
  • This is why I have long been of the opinion that Google is effectively doing competition on behalf of its competitors.
  • Furthermore, it means that it will be at least 2 years before any real benefits of this new feature make themselves felt on Alphabet’s bottom line.
  • By contrast, Apple is able to update over 90% of all its iOS devices within 3 months of a new version of the software becoming available.
  • This is how Apple was able to launch Apple Music to 400m users within 3 months with the touch of a button.
  • I have long believed that this situation, combined with the endemic fragmentation of Android is largely responsible for Google’s low Average Revenue Per User (ARPUs) on Android as well as the lower loyalty demonstrated by Android users.
  • I can see only one solution to this problem which is for Google to take complete control of the Android software effectively removing new versions of the code from open source.
  • This will allow Google to offer both a good user experience and also to ensure that improvements in its ecosystem are delivered to users in a timely manner.
  • This in turn should bolster revenues from Android but I think that the market is already discounting these revenues in the valuation of Alphabet’s shares.
  • This is why I remain cautious on the performance of Alphabet going forward and why I prefer Samsung, Microsoft, Baidu and even Apple from an investment standpoint.

Google & Android – Closed source pt. II

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Google is inching closer and closer to taking Android proprietary. 

  • It looks very much as if Google’s Nexus devices this year will show the first signs of a badly needed move to take Android from open source and make it proprietary like iOS and Windows.
  • Google typically updates its Nexus line of products in the autumn to coincide with the availability of the latest version of Android (N).
  • This has been done to demonstrate to handset makers what it thinks the ideal implementation of Google Android should look like.
  • To date, the Nexus project has produced pretty good devices but with tiny volumes that have been largely ignored by the handset industry.
  • Google has already said that it intends to become more opinionated about the design of phones which to me is the first step in accelerating a trend that is been ongoing for three years.
  • Google Mobile Services (GMS) is a proprietary piece of software that contains all of Google’s ecosystem and sits on top of the open source Android OS (AOSP).
  • For the last three years Google has been gradually migrating functionality from AOSP into GMS because Google can prevent fragmentation in GMS as well as distribute updates directly to users.
  • While, this has enabled some improvement in the Android user experience, the AOSP is more fragmented than ever, with most handsets never being updated resulting in a poorer user experience for users driving lower usage and loyalty.
  • It is of paramount importance that Google’s fixes these problems because if they continue, revenue generation from Android devices will continue to substantially undershoot its potential.
  • I have long been of the opinion that the only option for Google to fix this is to take the entirety of Android proprietary and thereby prevent fragmentation in future versions of its ecosystem devices as well as take full control of the updates.
  • The net result should be a user experience that is more likely to delight users that has the scope to be much more secure resulting in much needed higher usage and loyalty.
  • It looks very much as if the new Google devices that it will launch in the coming weeks will herald a real move in this direction, which I expect to continue with the launch of Android O at Google i/o in May 2017.
  • For the creators of Android forks such as Alibaba, Xiaomi, Tencent, Cyanogen and so on, this means that they will also be forced down the same road resulting in a series of proprietary operating systems all based on a common kernel.
  • For developers, this will make their lives generally easier as developing apps for Google Android devices will become much easier but more work will be required to also develop for others.
  • I continue to believe that this is the only way that Alphabet can reach the market’s expectations in terms of medium term revenue growth for its Google business.
  • This is why I see risk in Alphabet’s numbers because the path to making Android proprietary will be difficult as developers will need to be convinced that this for the best.
  • Furthermore, Alphabet will also still have to contend with the EU which is already concerned with what it considers to be Alphabet’s monopolistic practices in Android.
  • Hence I think that in the best instance, Alphabet’s share price is fair leading me to want to look elsewhere.
  • Samsung, Microsoft and Baidu are the places where I would be looking while I am waiting for the right time to look at Facebook.

Cyanogen – Call for vultures.

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Software asset worth buying from a dying Cyanogen. 

  • Although, Cyanogen appears to be on its last legs, I think that the software asset that it has developed remains the best alternative to Google Android that is available.
  • The latest twist in the sorry tale of Cyanogen is the claim that management miss-represented its user numbers to its investors when it raised $85m in March 2015.
  • At the time of the fund raising a number of 25m tracked users was used that went hand in hand with an estimate that there were around 50m active users of the software overall.
  • Cyanogen OS has some excellent privacy features that make it impossible to track a device should they be enabled which gave rise to the estimate of another 25m users that the company could not see.
  • Unfortunately, it appears that the current number of active users is closer to 2m rather than 25m with the commercial version (used by handset makers) registering around 4m (The Information).
  • I suspect that the accusation of miss-representation is without merit and that the reality is that through poor strategy and execution, the user number has fallen of a cliff in the last 12 months.
  • Cyanogen began life as the anti-Google Android offering but quickly changed direction when it realised that to get volume, it had to be compliant with Google’s standards.
  • This was when the code split into CyanogenMod (not compliant partly maintained by the community) and Cyanogen OS (compliant and managed by the company).
  • Cyanogen OS was given to handset makers to create devices and deals stuck with service providers such as Microsoft (Office 365) for a share of service revenues generated.
  • I have long believed that this business model was doomed to failure (see here) which combined with very poor execution led to no revenue generation and the need for yet another shift in strategy.
  • RFM research indicates that the current plan is to cease development of the OS entirely and instead concentrate on providing hardware makers with custom implementations of the Android code.
  • In effect, Cyanogen will become just another body shop with very little to distinguish it from the many competitors that already exist in both India and China.
  • Cyanogen’s list of departed clients is long and includes Oppo (currently 2 the Chinese market), Micromax and many others who have since returned to stock Android.
  • I think that these clients left Cyanogen not because of the product, but due to the way that they were managed by the company which is what I think prompted the precipitous decline in user numbers.
  • RFM research indicates that one of Cyanogen’s last clients, Wileyfox which is currently front and centre on Cyanogen’s website, is also moving back to standard Android.
  • This leaves Cyanogen with no way for its commercial product to make it to market ending any hope (forlorn in my opinion) that it would ever generate any revenues.
  • I do not think that Cyanogen’s last gasp strategy to become a body shop will work because it’s a commoditised business where there is brutal price competition.
  • This is a very disappointing outcome because I have long held the opinion that Cyanogen OS is an excellent implementation of Android.
  • Furthermore, in its recent iterations of the code it has enabled the kind of data sharing that I think is required for an ecosystem to take its functionality to the next level.
  • Consequently, Cyanogen OS is an excellent option for any ecosystem that needs to have control of its user experience, be able to evolve it, deploy its services and set them as default.
  • RFM research (see here) indicates that this is what the Chinese ecosystems need to do to evolve into full ecosystems with a complete set of Digital Life services.
  • Outside of Alibaba (with YunOS and Meizu) and Xiaomi, the other ecosystems are at a very early stage and I think that acquiring the Cyanogen OS would give them a rapid leg up in the race.
  • Furthermore, I think that any other player is that is thinking of trying to break free from Google in Android in emerging markets should also be interested in acquiring this asset.
  • The proceeds from the sale could give Cyanogen some more runway to get this new strategy off the ground even though I suspect that it will never take-off.
  • I see one of the BATmen as the most likely buyer.

Google – From Russia with Love pt. II

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Russian ruling could have global implications. 

  • Although the Russian complaint against Google is a sideshow compared to the EU, it could materially weaken Google’s global agreements that allow it to ensure its ecosystem is on almost all Android devices in developed markets.
  • The Russian regulator (FAS) has already fined Google $6.75m for requiring handset makers to install its services on their phones to be able to use its App Store: Google Play.
  • FAS also came down on Google for refusing to allow other third party services such as Yandex Search to be pre-installed.
  • However, Google appears to have already dropped this requirement and Yandex has seen a corresponding increase in search share in the Russian market.
  • The Google agreements that really matter are the MADA and the AFA.
    • Mobile Application Distribution Agreement (MADA).
    • This agreement requires anyone wanting to use Google Play to also include the key Google services such as search, mail and maps and to display them prominently in a folder on the home screen.
    • RFM research indicates that it also requires these services to be set as default on the device such that a request from an app to open a map always defaults to Google Maps.
    • This ensures that it is Google’s Digital Life services that are predominantly used and it is this bundling that both the FAS and the EU object to.
    • The Anti-Fragmentation Agreement (AFA).
    • This agreement is required for a handset maker to deploy Google Play and prevents the manufacturer from producing other devices that use non-Google versions of Android.
    • This prevents any handset maker from providing any alternative to Google on any Android device anywhere in the world.
    • I suspect that this has been a factor in Google’s ability to dominate the Indian market where it is now almost impossible to sell a device without Google Play on it.
    • Google has effectively seeded the Indian market with its services and the game may already be over for the home grown alternatives.
  • In addition to the fine, the FAS has also demanded that Google change these agreements with device makers.
  • Google has appealed this decision and a hearing is scheduled for August 16th.
  • While the MADA is signed on a device by device basis, the AFA is a global agreement and should the FAS force Google to relax the AFA, then it could have global implications.
  • This is because handset makers would then be free to user other versions of Android without Google services being installed potentially weakening Google’s grip on Android in markets outside of Russia.
  • Furthermore, the FAS’s decision will provide precedent which, in legal conflicts such as this, can be highly influential in determining the outcome.
  • I continue to be concerned that Google’s grip on its ecosystem on Android devices may be slipping bringing into question RFM’s medium term revenue forecasts.
  • Most of Alphabet’s revenue growth from here is being driven by advertising revenues derived from Android devices, raising the possibility that RFM’s numbers are too high.
  • Even assuming that nothing goes wrong, the shares of Alphabet look fairly valued at best, leading me to believe that there is better value to be had elsewhere.
  • Samsung, Microsoft and Baidu continue to be the places where I would be looking.

Android security – Swiss cheese pt. III

Reply to this post

RFM AvatarSmall

 

 

 

 

 

Security is just another reason to close Android down. 

  • Another vulnerability has emerged that exposes over 900m Android devices to the possibility of granting root access to hackers potentially making the device part of an illicit botnet as well as the theft of all data on the device.
  • Checkpoint has released details of four vulnerabilities (Quadrooter) that affect Android devices powered by Qualcomm chipsets but the good news is that there is no evidence to date that the exploits have been used in the wild.
  • Checkpoint provided Qualcomm with the details of these vulnerabilities 90 days ago which in turn released patches for its vulnerable drivers but it is there where the orderly process stops.
  • Qualcomm has made the patches available to any customer using its chipset, but whether the end devices themselves have been patched is a matter of great doubt.
  • In the normal scheme of things, a vulnerability is found, communicated to system owners who then create a patch and make it widely available.
  • In iOS and Windows, these updates are rapidly distributed to all users who then update their systems and within a few weeks the issue has been put to bed.
  • However, with Android this is not the case as there are two issues that prevent devices from being updated.
    • First: Most Android devices are not updatable.
    • Android is a commoditised, brutally competitive market meaning that in the mid-range every cent of cost matters.
    • Making a device updateable means that extra resources have to be added to the device which are never reflected in the price.
    • Consequently, the vast majority of Android devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.
    • Second: Google has no control over the update process for any of the devices that run its services.
    • It can update Google Mobile Services (GMS) from Google Play but lower level system updates (Android) are controlled by either the maker of the device or the mobile operator.
    • The two exceptions are Xiaomi and Cyanogen both of whom have retained the ability to update devices running their software.
    • This is provided that the devices themselves are updateable as per the first issue above.
  • These issues are so acute that even Google, will not have fixed all four of the vulnerabilities in its devices until the September update is distributed and installed.
  • I suspect that for many handset and tablet makers, this vulnerability will continue to exist for a long period of time.
  • While the Quadrooter has not caused any damage per se, this issue clearly demonstrates that, should a major hack occur, it will take the Android community many months to fix it, if it fixes it at all.
  • This issue combined with the endemic fragmentation of Android is a major reason why I think Android devices generate much less traffic than iOS devices and why Android users demonstrate much lower loyalty.
  • One only has to look at the defection of users from Android to iOS when the iPhone 6 was launched for evidence of how vulnerable Android is to market share loss.
  • This is bad news for Alphabet as RFM research finds that its long-term growth is dependent on traffic generated by Android devices meaning that these issues are hampering its growth potential.
  • I continue to believe that Alphabet will solve this problem by taking Android completely proprietary, effectively removing it from open source (see here).
  • This will solve all of these problems in one go but comes with the problem of convincing the community that going proprietary is in everyone’s best interest.
  • Here, Google will have the advantage of being able to point the finger at Oracle (see here) as the architect of the problems that have forced it to close Android down which I think will make things much easier for Alphabet.
  • I think that this will begin in earnest in 2017 probably at its developer conference (i/o) in May.
  • I continue to prefer Baidu, Microsoft and Samsung over Alphabet for the immediate term with Tencent and Facebook on my watch list for the right signals to enter.