Approximately 85 percent of Android devices have been exposed to at least one of 13 critical vulnerabilities the OS has become inflicted with, a new study conducted by Cambridge University and funded by Google, found.
While the Stagefright vulnerability put Android devices front and center as being insecure, it appears that the OS’ issues lie in more than just one security hole. How protected a device is depends on the number of updates released by the manufacturer as well as how regularly customers update their phones; Android only receives 1.26 updates every year.
The researchers surveyed 21,713 devices using a FUM score through an app, called Device Analyzer, which has been available in the Play store since 2011.
F: the proportion of devices free from known critical vulnerabilities.
U: the proportion of devices updated to the most recent version.
M: the number of vulnerabilities the manufacturer has not yet fixed on any device.
Ratings are combined into a single score between 0 and 10 – with 0 being the worst and 10 being the best – measuring how effective a manufacturer is at keeping the smartphone secure. Using the data from the app, the experts established which build each Android was running on and what vulnerabilities it was susceptible to.
Their analysis shows an average score across all devices of 2.87 out of 10. Nexus devices performed best, with a score of 5.2; Samsung, HTC, and Sony were around the 2.5 mark; and manufacturers like Symphony and Walton scored just 0.3.
A more interesting aspect of the analysis examined the extent to which the 21,713 devices were exposed to the 13 vulnerabilities. The graph below shows the proportion of devices that were found to be running insecure, maybe secure, or secure versions of Android over time. The large vertical spikes show when a weakness was discovered.
On average, 85 percent of the devices they surveyed were found with at least one critical vulnerability.
“The security of Android depends on the timely delivery of updates to fix critical vulnerabilities,” the Cambridge University team said. “Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices unpatched for long periods.”
Findings from the University of Cambridge study can be found here.
Via Gizmodo
Advertisement
Learn more about Electronic Products Magazine
