Yet a serious, widespread outbreak could move much faster than the companies involved in updating Android phones are prepared to react, experts say, potentially causing serious breaches for consumers and expenses for carriers that may need to replace phones compromised by malicious programs. "They can sweep the world in a few hours," said Kevin Mahaffey, chief technology officer for Lookout, a mobile security firm. "Thankfully that hasn't happened on mobile yet. But I do see this as a potentially billion-dollar problem."
Google officials say they can act fast when faced with the most serious breaches, as they did in 2011 when a hacking incident enabled the Iranian government to monitor as many as 300,000 Iranians using Gmail, the free e-mail service provided by Google.
All major computer browsers received swift updates, fixing the problem. Google, meanwhile, updated Android to prevent similar issues in the future and delivered the repair to smartphones with unusual speed.
"There's a lot of moving pieces to the update process, so we evangelize," said Lockheimer, the Android engineering official.
But that incident was the last that prompted such aggressive action, he said. And even now, almost 1 1/2 years later, Google says while the repair reached most Android phones, they don't know how many remain vulnerable.
Sign up for CIO Asia eNewsletters.