
Cambridge University study finds 87 percent of Android devices vulnerable to attack

Derek Walter | Oct. 14, 2015
The new research uncovers how far behind the Android ecosystem is with tackling security, despite all those recent pledges about monthly patches.


Android handset makers’ failure to deliver timely security updates leaves almost everyone open to attack.

That’s among the conclusions of a study from Cambridge University that sought to quantify just how bad the Android security situation had become.

To compile the data, the group of researchers published a Data Analyzer app to the Google Play Store. Along with giving a lot of people the ability to participate, it ensured that phones without Google Play services that are targeted at emerging markets weren’t counted in the results. As a result, the team acquired data from 20,000 different Android devices, with most being from major manufacturers like Samsung, LG, HTC, and Motorola. You can download and run the app yourself to give the team more data to work with.

The research, which was partially funded by Google, is ongoing. So you can download the app to your own Android phone to contribute.

With the data, the Cambridge group then created a score for how quickly all the major manufacturers were applying the latest security updates to their devices. The full results reveal that it isn’t a pretty picture.

Chart: Data for the research was collected from over 20,000 Android devices running the data analyzer app.

Why this matters: The Stagefright vulnerability demonstrated how quickly one security issue could threaten a ton of devices. That’s because Android updates run into a bottleneck. After Google releases a new version or security fix, the manufacturers have to incorporate it into their own split-off versions of the Android OS before spiriting it off to your device. It’s even worse with carrier-branded phones, as the carrier must also test and approve the updates before they come to you. This contrasts sharply with how updates work on iOS. Apple pushes a button, and it heads right to everyone’s iPhone.

Nexus is best, but everyone needs to elevate their game

The Cambridge team created a FUM score to compare the security provided by the different devices. As the chart indicates, Nexus devices are at the top, with LG leading the other third-party manufacturers.

Chart (FUM score): The scores detail how well (or poorly) Android manufacturers are doing with securing their devices.

Even with the pledge of monthly security updates, no one besides Nexus devices scored above a five out of 10. That could change over time, but it’s too early for us to know how effective these monthly patches are, and whether or not the manufacturers will hold to this promise over the long term. Also, the monthly security patch promise doesn’t solve the bottleneck problem—outside of full-price and unlocked phones, carriers still hold the keys to when phones get updates. 

