Android 4.1 Jelly Bean: Can it Solve Android's Fragmentation Problem?

We speak to an industry expert to assess if Android Jelly Bean will help end the platform's fragmentation issue and if App Encrytpion will help prevent the spread of malware.

Fragmentation in Android has led to a situation where 4,000 different Android devices are currently in use around the world, a figure we know thanks to the work of OpenSignalMaps. This staggering figure clearly highlights a problem facing Google, and Android developers.

Smartphone and tablet manufacturers who use Google's Android operating system are free to tweak the interface as much or as little as they like, and most do, as we see with the likes of Samsung's TouchWiz UI and HTC's Sense UI.

Most smartphone users therefore could not tell you what a pure Android experience is like, unless they own one of the reference smartphones, such as the Nexus One, Nexus S or most recently Galaxy Nexus.

While fragmentation for developers causes issues to do with coding and testing, for end users the major problem is the delay in getting the latest version of the Android operating system out to customers.

Even after Google releases the Android 4.1 (Jelly Bean) software in mid-July, each manufacturer will then have to test the software on its devices, add whatever features it wants before sending it out to customers.

However that's not the end of the story, as each mobile network will then have to test the software again to make sure it's safe, before the update is finally sent out to customers. This can lead to huge delays and the problem is highlighted by the fact that only 7 percent of Android devices in use at the moment use the previous version of Android, codenamed Ice Cream Sandwich, which was released over a year ago.

Android 4.1: Platform Development Kit (PDK)

Google has therefore come under some pressure to follow Apple's - and more recently Microsoft's - lead, and create a more streamlined update schedule, which would see all compatible devices get the new software around the same time.

And it looks as if Google is taking notice. Announcing the launch of Android 4.1 (Jelly Bean) last week, Google also announced the launch of something called the Platform Development Kit (PDK) which is to hardware manufacturers, what the software development kit (SDK) is to app developers.

According to vice president of Mobile Security at Trend Micro, Cesare Garlati, this is a positive move: "The Android Platform Developers Kit is the hardware equivalent for OEMs of the SDK for app developers. Usually SDKs are released months ahead of product launches because platform vendors want app developers to make as many apps as possible available for the day of the launch - or soon after. This is a good step in the right direction."

However, Garlati remains unsure whether or not the PDK will have the desired effect of solving the issue of fragmentation, as the problem, in his opinion, is not a technical one, but a business one:

"I am sceptical about its actual effect on Android fragmentation, which is mostly driven by the legitimate business need to differentiate otherwise commodity products, rather than caused by technical reasons. Let's not forget that OEMs - and wireless carriers - all have an interest to get people to buy new devices as a way to upgrade their devices."

Android 4.1: Security

Fragmentation is only one issue which is seen as a problem for the Android platform with security another major issue which Google needs to address. Garlati believes that the Jelly Bean update is not necessarily a good move in this respect.

"I am a little concerned about the security implications of some of the new consumer-oriented features related to Wi-Fi connectivity and data exchange."

One of the features he is speaking about is Wi-Fi Direct, a technology that lets apps discover and pair directly, over a high-bandwidth peer-to-peer connection, along with the Android Beam feature that allows Bluetooth data transfers from one device to another triggered by NFC.

However there are a couple of enterprise level features in Androind Jelly Bean which Garlati welcomes, namely Network Bandwidth Management and the Smart App Updates. Network Bandwidth Management will allow IT managers to more closely monitor the data usage of mobile devices on their networks.

"Apps can query whether the current network is metered before beginning a large download that might otherwise be relatively expensive to the user. Of course this means that various MDM/TEM software will have to integrate with this API, to get a clear picture of which networks are sensitive to data usage and manage the network activity accordingly," Garlati explains.

Smart App Updates, which make app updates smaller, faster - and therefore cheaper - to download, may also help the overall system security by "increasing the likelihood that end-users will keep their apps up to date," Garlati added.

Android 4.1: App Encryption

The final new addition to Android Jelly Bean which will affect developers, and the security of the Android eco-system, is the introduction of app encryption. This means that all paid apps in Google Play are encrypted with a device-specific key before they are delivered and stored on the device.

While this won't make much of a change for end users, it is designed to protect app developers by making it much more difficult for illegal software copies to make there way into Google Play, and trick users into downloading them.

However Garlati believes the new feature could actually hinder the process of scanning apps to find malware: "As a side effect, this new technology may actually make it more difficult to run mobile app reputation services - such as the one offered by Trend Micro - that scan for a multitude of malware applications afflicting all Android app stores - Google's included.

However there is one positive accordign to Garlate, as app encryption will make it more difficult for hackers: "At the same time it may also make it more difficult for a hacker to reverse engineer a legitimate app to then inject malicious code."