Windows Phone 7 update bricks some handsets – Microsoft in security middle ground

Phone brick from Riekus's Flickr photostreamMicrosoft tried to push an update to their newly released Windows Phone 7 this week and accidentally bricked some Samsung-branded handsets.

Microsoft has since pulled the update, but only for the Samsung Omnia handsets affected by the flaw. Even more embarrassing, the update was intended to improve the updating process and provided no enhancements for users of the phones.

Samsung Win7 phoneIf you have one of the affected devices there are experimental instructions on how to recover your phone.

Microsoft has elected to centrally control the distribution of updates for the Windows Phone 7 platform, which ultimately puts them in a sort of middle ground. After an accident like this one, carriers may begin applying pressure on Microsoft to let them decide if and when handsets receive updates.

Why does this matter? Well, the smartphone landscape is quite diverse when it comes to how much control phone and operating system manufacturers have compared to the carriers.

At one end of the spectrum we have Apple and Research In Motion, the manufacturer of the BlackBerry devices. Both companies centrally control all software and updates they provide for their phones, and no one else produces the handsets. This enables a very rigorous QA process to find defects and allows Apple and RIM to ship fixes and updates to improve security on a more regular basis.

AndroidAt the other end of the spectrum is the Android platform from Google. While Google produces what you might call a “reference design” OS, it is up to the manufacturers to customize and test it on their devices. There are many different companies producing Android phones for many different carriers.

Not only is the OS somewhat unique per device, but carriers are also producing their own customizations, further diversifying the variants of Android in the field.

This can be a real problem. When you need security updates, you must rely on Google to fix the bug, your device manufacturer to patch their custom OS, and your carrier to decide that they are willing to provide you with the fix. This is a huge security mess.

Microsoft has chosen a path right down the middle. Like Google, they are not producing handsets, but they are trying to create a centrally distributed operating system platform that they control.

From a security perspective this appears to be a solid approach, allowing Microsoft to ensure devices in the field are all able to consume patches when they make them available, but it does come with risk.

Because Microsoft is placing the burden of their software SNAFU on the carriers and manufacturers, I expect we’ll see a backlash against their preferred updating method. This incident could not have come at a worse time for them, as they are trying to enter a very competitive smartphone market in which any bad press could push consumers to better established brands.

For the latest information on the threats facing mobile users, check out our latest threat report.

Creative Commons image of phone brick courtesy of Riekus’s Flickr photostream.