Google Inc.'s Latest Android Bug is a Prime Example of Internet of Things Security Problems

Tough luck for older versions of Android. Source: Android.

Earlier this week, Ars Technica wrote the fearful (and accurate) article "Google won't fix bug hitting 60 percent of Android phones."

In it, Peter Bright explained that Google (GOOG 0.40%) (GOOGL 0.35%) was recently notified of a new bug in the WebView part of Android 4.3 (and earlier versions), but the company isn't creating a patch. Instead, Google will simply notify OEMs of the problem.

Yikes.

Older versions of Android do still receive some updates from Google, but the WebView component -- where the current problem is -- isn't getting any more updates.

Bugs and security breaches are, of course, a normal part of our digital lives. And most of the companies that make software (or sell us devices) step up and patch problems without us even knowing there were problems in the first place.

It's not that Google is heartless when it comes to updates, but rather that it is difficult to get the tech company, phone manufacturers, and wireless carriers to all work together to update bits and pieces of mobile software.

Android is a (mostly) open mobile platform that Google makes and then releases to phone makers to put on their devices. The tech giant updates the software to new versions, and even occasionaly does massive updates (as in the case of the Heartbleed bug), but for the most part it's up to OEMs and wireless carriers to update the software on phones.

And that leads us to the massive problem coming with the growing Internet of Things. 

Security is already an IoT issue
A few months ago I wrote about the bear case for the Internet of Things, noting that one of the major problems with the IoT is its lack of security, especially for cheaper devices made by small companies.

Speaking to the Harvard Business Review about IoT devices last year, cryptographer and security expert Bruce Schneier said, "These are devices that are made cheaply with very low margins, and the companies that make them don't have the expertise to secure them."

And late last year, HP issued a report showing that some of the most popular Internet of Things home devices could easily be hacked.

Which begs the question: If Google, major phone makers, and wireless carriers can't (or won't) update insecure parts of mobile devices, what makes us think it'll go any better for cheap IoT devices made by small tech players?

In short, it won't. At least not for every connected device.

Intel (INTC -2.02%) has said that security needs to be baked into every IoT device from the get-go. The company has IoT security solutions, including its wireless gateways that connect things to cloud systems and networks.

Source: Intel.

Intel works with McAfee and Winder River's IoT platform to "enable seamless and secure data flow between edge devices and the cloud."

The company has a lot of incentive to secure the IoT, as the company's making a major play on providing the processors that'll power Internet of Things devices. After just a year of setting up a specific Internet of Things division, the company ended 2014 with an expected $2 billion in IoT revenue.

But while Intel and others are working on solutions for major companies, it stills seems unlikely that smaller companies making IoT devices will come equipped with enough security.

At the International Consumer Electronics Show earlier this month the Internet of Things took center stage in many ways -- but security was on the periphery. Motley Fool Tech and Telecom Analyst Nathan Hamilton asked a handful of companies about securing the IoT, but didn't get many straight answers. "After visiting many of the IoT booth's at CES, my biggest takeaway is that very few, if any, companies had a concrete answer on how to secure the IoT on a broad scale. There just aren't any standards that currently exist or answers industry players know at this point," he said.

And that leads us back to the current problem with Android's WebView. When companies create software and devices that connect to the Internet, and then stop updating them -- or simply can't because of complications -- consumers are left vulnerable.

The IoT's massive reach has even lead the U.S. government to issue warnings about Internet of Things security problems. As the IoT is expected to reshape how our homes, cars, utilities, and health systems connect to the Internet, security is about to become more important than ever.