Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning, everybody in this episode of the show, we're gonna explore the impact of the latest Huawei news on Android cybersecurity. Recently the US government increased pressure on Chinese telecom giant Huawei. Now there's multiple layers to this issue and a lot of them are political.
You've probably seen a bit of this fight around five G network infrastructure. We're not going to dive into politics. That isn't what this show is about. What we are going to tackle is the reality of the latest move by the US.
Now last week, the US put Huawei on the US entity list. This is published by the US Department of Commerce and this list sets uh um license requirements for the export reexport and transfer of certain items into the United States and out from the United States.
Now, in simpler terms, it really sets our restrictions around a company's ability to do business in the US and with us based companies in the name of national security. Now being on the US entity list directly affects Huawei's relationship with Google.
Huawei makes the popular P 20 P 30 lines of smartphones and these phones run the Android operating system. And they live in the Google ecosystem. When I say popular, I do mean it the numbers change depending on the source. But Huawei undeniably one of the top three mobile vendors on the planet now being put on the US entity list means that Google is no longer allowed to export their technology to the Shenzhen based company.
This means that Huawei's phones will only be able to use the Android open source or A OS P moving forward. Now, that doesn't sound so bad, right? Android is a very competitive landscape and the open source project powers it all. Uh Huawei won't be losing much ground here, right.
Well, wrong name, an Android phone that doesn't have Google search or Google Maps or Gmail or access to the Google Play store and it doesn't end there. What most people think of as Android is actually the combination of the Android open source project and Google mobile services.
Most people wouldn't actually recognize an Android device so that Google mobile service is layered on top. Now, as a result of this order at some point in the near future and near currently means about 90 days out, Huawei will lose access to the top half of that technology stack with all the Google mobile services being pulled from new phones and maybe existing ones.
No one's quite sure about that little detail. Now, the cybersecurity angle here is an interesting one since its inception, Android security updates have been problematic at best that being super polite. Unlike Apple's ecosystem where a patch is released by Apple and it's pushed out to all devices automatically.
Android is a lot more complex in an ideal scenario. Again, an ideal scenario, Android patches are released by the Android open source project or by Google, accepted by the hardware component manufacturers, accepted by the handset manufacturers accepted by the mobile providers and then eventually released to the end user.
Now this flow won't change for Huawei assuming assuming that the patch is issued as part of the Android open source project. This isn't necessary, there isn't necessarily a clean line between these initiatives as there should be. And as a result, Huawei devices might lose out on some critical security patches that aren't released at the lowest public layer.
Now, ironically, that's as a direct result of work that Google is doing to make the Android ecosystem more secure by pushing updates directly to add users as opposed to the multi stakeholder workflow that exists today. Now, that's the tip of the iceberg uh when it comes to the fallout of the ongoing dispute between us and Huawei politics.
Aside, it's an example of the repercussions of cybersecurity and privacy with large global ecosystems and real world devices will Huawei come up with a plan for long term sustainability and the security of their existing devices for new ones only time will tell.
Now, what do you think of this issue? How would you handle or how do you handle the life cycle of devices when there are dramatic changes to their support model. This is not the only case we've seen it with Nest where Google's involved again with IOT.
This is a real ongoing challenge and it's only going to get worse as we get more and more devices. How sustainable are these? When there are geopolitics at play, when there is the life cycle of the company itself at play, there's a lot of complicated issues here.
But at the end of the day, we have devices that are floating around that need updates that may not be able to get them. Let me know what you think uh online where I'm at at Mark NC A in the comments down below.
And as always by email me at Mark N dot ca, I look forward to talking to you about this issue and we'll see you on the next show.
