Coming up with a practical solution will be difficult, experts say. With Android, Google provides carriers with a business model much different than that of rival Apple, which controls all the software on the iPhone and iPad.
With Android, carriers and manufacturers work together to compete for customers based on the features built into the devices. "A key benefit of Android and their handset base is the ability of the carrier to provide a product to their market rather than receive the Apple experience where you get what you get," said Glenn Chisholm, chief security officer for Cylance.
Theoretically, Google could revise its agreements with carriers to require that security updates get pushed out within a specified time. However, Google has shown no interest in taking such steps.
"Honestly, based on current practice, I cannot find a good solution," said Xuxian Jiang, assistant professor for computer science at North Carolina State University.
Meanwhile, the number of Android malware is growing substantially faster than any other Web-delivered malicious app, according to Cisco's recent 2013 Annual Security Report.
In addition, cybercriminals appear to be building better tools for attacking the OS. The first documented Android botnet was discovered in the wild in 2012, Cisco said.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.
Sign up for CIO Asia eNewsletters.