A new study by researchers at the University of Cambridge has revealed that 87 percent of Android devices are vulnerable to attacks from malicious applications.
Security researchers have revealed what Android phone owners have long suspected – nearly 87 percent of Android phones are vulnerable to malicious applications. The primary reason for such an alarming high in the numbers is due to the fact that a significant majority of manufacturers and OEMs do not release updates periodically, as they ought to.
The findings were elaborated upon my Alastair R. Beresford, the author of the paper who covered it in a blog post. He noted:
“The problem with the lack of updates to Android devices is well known and recently Google and Samsung have committed to shipping security updates every month.”
According to Beresford, manufacturers like Motorola, LG and the brands associating with Google for the Nexus devices are better than the rest of the manufacturers in the Android pool.
An Application Is behind the Key Findings
An application called the Device Analyzer app, available in the Google Play Store has been the key component behind the findings. Volunteers who download the application send in data anonymously while running in the background.
Key deciding factors for the security score were:
- The proportion of the device that is inherently free of vulnerabilities.
- The proportion of the device that is updated and running the most recent software upgrade.
- The mean of the number of vulnerabilities still needing a fix by the manufacturers.
Related Article: Simple Android Hack Leaves 95% Devices Vulnerable
Additionally, Beresford notes that Google has done a commendable job in mitigating most of the risks and users are advised to only download and install applications from Google’s Play Store. Software updates in the form of system ROMs that are dispatched over-the-air are also recommended by the researcher.
“Our hope is that by quantifying the problem we can help people when choosing a device and that this in turn will provide an incentive for other manufacturers and operators to deliver updates.”
Although Google has guaranteed monthly security bulletins, it is up to the manufacturers to release the updates for their devices. Right now, a majority of the devices just aren’t getting them, says Beresford.