The EU opened a formal investigation into Amazon on Wednesday centered on how the e-commerce giant uses merchants' data.Technologyread more
Analysts and investors are keen to find out how looming interest rate cuts will impact the second biggest U.S. lender by assets.Financeread more
IAC is set to invest $250 million in Turo, a peer-to-peer car-sharing firm that is often referred to as the "Airbnb for cars."Technologyread more
U.S. officials see the deal as a threat to NATO, for which Turkey provides the second-largest military.World Politicsread more
Google's services have been blocked in China for several years, but the company still has a business there, as the tech giant seeks to sell products to Chinese firms in...Technologyread more
China may have signaled it's going more hard-line on trade, but it could be a good thing, former U.S. negotiator Clete Willems told CNBC.World Economyread more
Support for U.S. President Donald Trump increased slightly among Republicans after he lashed out on Twitter over the weekend in a racially charged attack on four minority...Politicsread more
While the vote served as a show of solidarity for Democrats, it recommended no substantive penalty against Trump.Politicsread more
Barney Frank, former chairman of the House Financial Services Committee, says that significant progress has been made to reduce the amount of imprudent household lending in...Invest in You: Ready. Set. Grow.read more
Facebook's cryptocurrency project has already been met with skepticism from policymakers around the world.Technologyread more
United's Optum is launching a new partnership with John Muir Health aimed at helping the small northern California hospital operator become more competitive with its larger...Health and Scienceread more
Another big security flaw in Android highlights just how messed up the Google ecosystem still is when it comes to security.
This one, known as Quadrooter, was disclosed in recent days by security software maker Check Point. Quadrooter affects a whole host of top-end Android devices running one of Qualcomm's Snapdragon chips.
That means hundreds of millions or even a billion devices could be at risk, including top-end models such as the Samsung Galaxy S7, HTC 10 and LG G5 and even Google's latest Nexus devices and security-focused devices like BlackBerry's Priv and Silent Circle's Blackphone.
More from Recode:
Google keeps buying cloud companies to take on Amazon's AWS
Online Olympic video streaming is big, but not as big as eSports
Walmart was the only bidder in $3 billion Jet.com acquisition
The problem is there are still so many hands in the pot when it comes to updating Android. Google updates its software, but device makers have to tailor it for their phones — and sometimes they get their software not from Google, but from chipmakers like Qualcomm. And then sometimes mobile carriers want to do their own testing to make sure they aren't inadvertently introducing other problems onto their network.
All that means the time from when a flaw is identified or disclosed to when it is fixed is longer than it should be, sometimes leaving hundreds of millions of phones vulnerable for weeks or months.
"The problem continues to be that Android security updates are really hard because of [their] fragmented ecosystem," said Check Point mobile security evangelist Jeff Zacuto told Recode.
In this case, the flaw affected such a broad swath of phones because it was an issue at the chip level — and Qualcomm chips power roughly two-thirds of Android phones.
It's worth noting that as bad as things are, they used to be worse.
Google didn't always have monthly security patches, carriers used to be much stingier with allowing quick security updates and device makers did a lot more customizations to Android that further complicated the process.
Qualcomm, for its part, said it was notified between February and April about the various vulnerabilities and made patches available between April and July.
But unlike when Apple releases a security update for the iPhone, that's only one step in the process. Once Qualcomm or Google releases a fix, each handset maker has to tweak it for their phone and then make the update available to customers. In the U.S., updates also sometimes go through the cellphone carrier as well.
Google, meanwhile, says three of the four flaws tied to Quadrooter were patched in an August security update, while the fourth is set to be fixed soon. It also notes that while this is a high-risk flaw, it still requires a user to download a malicious app in order to be affected.
That means those most at risk are people who get apps from places other than the Google Play store, although Zacuto noted that even sticking to official app stores isn't a guarantee of safety.
"They do a great job catching malicious apps, but they don't catch 100 percent," he said.
Despite the lengthy process, Google and Qualcomm say things are improving, with flaws being fixed sooner and more devices getting updates.
"There is an overwhelming consensus that things are getting better, that we are moving things in the right direction," Qualcomm engineering VP Alex Gantman told Recode.
—By Ina Fried, Recode.net.
CNBC's parent NBCUniversal is an investor in Recode's parent Vox, and the companies have a content-sharing arrangement.