Over 87 percent of Android devices vulnerable, says new study
Manufacturers pose a bottleneck in delivering critical security patches on time, leaving most devices vulnerable to at least one critical threat
A new study conducted by researchers at the University of Cambridge has determined that a whopping 87.7 percent of Android devices worldwide are exposed to at least one critical vulnerability. The paper ties this to the irregular delivery of security patches by manufacturers. The research was partly funded by Google and seemingly confirms what has long been suspected: that Android is not the safest mobile operating system.
A sample of 20,400 devices was used to carry out the research, and 11 critical vulnerabilities were chosen for the study. The data was gathered over a four-year period through the Device Analyzer app, which the participants installed on their phones. The results showed that 87.7 percent of the devices tested are exposed to at least one of the 11 vulnerabilities. The research found that manufacturers often fail to provide the latest security patches to devices in a timely manner. However, the situation is not uniformly bleak, as Google Nexus devices fared considerably better. Among the rest, LG scored the highest.
The paper notes that the security of the Android ecosystem is dependent on the timely delivery of critical patches. With each smartphone receiving an average of 1.26 updates per year, it says that the bottleneck rests with the manufacturers who fail to roll out the updates on time. “This arises in part because the market for Android security today is like the market for lemons: there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not,” the paper says.
The team devised a “FUM score” to rate the manufacturers on a scale of 10. It takes into account the proportion of devices free from vulnerabilities, the proportion of devices running the latest Android version and the number of vulnerabilities not fixed on any of the manufacturer’s devices. The score was created “to quantify and rank the performance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities.”
The study has highlighted the security issues that plague Android users. The problem is especially acute in emerging markets such as India, where a large number of manufacturers churn out a plethora of devices. More often than not, these devices receive little software support by way of patches and updates. To address this issue, Google will have to put in place guidelines that require manufacturers to push out updates to their devices. But given the variety of smartphones from so many different companies in the country, that seems a rather tall order.