+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

87% of Android devices are at risk for security attacks

Oct 14, 2015, 23:00 IST

Screenshot

Almost 90% of Android devices are at risk for attacks through malicious apps and messages, according to a recent Cambridge University study.

Advertisement

Data collected from more than 20,000 volunteers found that 87% of Android devices are exposed to at least one of 11 known critical vulnerabilities. The study places the blame for Android devices' high risk on the manufacturers themselves, noting that all large software companies today uncover security risks and then release software updates to protect users.

"Unfortunately something has gone wrong with the provision of security updates in the Android market," the study reads. "Many smartphones are sold on 12-24 month contracts, and yet our data shows few Android devices receive many security updates."

Android devices receive, on average, 1.26 security updates per year, resulting in long stretches of time where the devices are at risk.

"The difficulty is that the market for Android security today is like the market for lemons," the study says. "There is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive security updates, and the customer, who does not."

Advertisement

The researchers developed a scoring system, called the FUM score, to rank what Android devices are the most secure. The FUM score looks at the proportion of devices free from known critical vulnerabilities, the proportion of devices updated to the most recent version, and the number of vulnerabilities that have not been fixed on any device.

The score is out of ten with Nexus doing better than average with a score of 5.7. The study notes that LG is the best manufacturer with a score of 3.97. From there the ranking is as follows:

  • Motorola: 3.1
  • Samsung: 2.7
  • Sony: 2.5
  • HTC: 2.5
  • Asus: 2.4
  • Alps: .7
  • Symphony: .3
  • Walton: .3

Although Symphony and Walton received the lowest scores, the researchers note that because they are unpopular manufacturers their phones do not pose the greatest risk. "The total risk to users from the higher scoring popular manufacturers is higher than the risk from the lower scoring unpopular manufacturers," the study reads. That doesn't bode well for Samsung, Sony, or HTC.

Google's Nexus receiving the best FUM score is notable. The study emphasizes that "the main update bottleneck lies with manufacturers rather than Google, operators, or users."

The researchers also constructed a graph that shows the proportion of Android devices that are running vulnerable versions of Android over time. The graph shows that as time progressed from 2011 to the present, Android devices have become increasingly more vulnerable.

Advertisement

AndroidVulnerabilities.org

The graph was constructed based on the devices' exposure to 13 known vulnerabilities.

The study was partially funded via a Google focused funding award.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article