87pc of Android devices wildly insecure — report

14 Oct 2015

A major study into Android devices has found that 87pc of devices are exposed to at least one of 11 “critical” vulnerabilities.

Android isn’t known for its tight security, but 87pc? Really?

Well, it’s actually more. Cambridge researchers Daniel Thomas, Alastair Beresford, and Andrew Rice have released a paper showing that, across over 20,000 devices, it was actually 87.7pc.

So my HTC Desire is highly unlikely to be secure.

Using the Device Analyzer app that was released a few years back, the researchers looked at the thousands of devices and found that a huge amount were vulnerable to recent issues (the last five years of issues, to be precise)

These include things like TowelRoot, FakeID, Gingerbreak and Levitator.

The main problem, according to Thomas, Beresford and Rice, is that once Google rolls out patches to fix any of these problems, it is often up to the manufacturers to pass it on.

They don’t.

All OS security ideals are based on timely patches and fixes, reacting to threats in the wild. Android devices receive, on average, 1.26 updates a year according to the paper.

They are simply not passed down the line quick enough.

“This arises in part because the market for Android security today is like the market for lemons,” reads the report.

“There is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not. Consequently, there is little incentive for manufacturers to provide updates.”

The trio have gone so far as setting up Androidvulnerabilities.org, where it ranks manufacturers’ performance in relation to the proportion of devices free from known vulnerabilities, the proportion updated to the latest version and the number of issues yet to be addressed.

Nexus devices are the best by a distance, with Walton and Symphony at the bottom. Although considering Nexus phones should be getting Google updates first, a score of 5.2 out of 10 to top the polls shows just how low a standard is being set.

Overall, Android just does not cut it and, judging by the amount of red in the graphic below, it will take some fixing.

Android Vulnerabilities

Main image via ETNYK on Flickr

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com