Study Finds 87% Of Androids Insecure
Written by Harry Fairhead   
Wednesday, 14 October 2015

A research study has revealed that 87% of Android devices are vulnerable to attack by malicious apps and messages. It attributes blame for this state of affairs to manufacturers failing to provide regular security updates.

andvullnchart

 

Data for this graph comes from over 21,700 devices and was collected using Device Analyzer, an app created by researchers at the Computer Laboratory of the University of Cambridge which has been available for free on the Play Store since May 2011. After participants opted into the survey, researchers collected daily Android version and build number information and compared this against a list of critical vulnerabilities dating back to 2010.

 andvulnlist

Each individual device was labeled "secure" or "insecure" based on whether or not its OS version was patched against these vulnerabilities or placed in a special "maybe secure" category if it could have obtained an update with a backported fix. 

To compare different Android devices, the researchers came up with a 1-10 security rating for referred to as the "FUM" score. This algorithm takes into account the number of days a proportion of running devices has no known vulnerabilities (Free), the proportion of devices that run the latest version of Android (Update), and the mean number of vulnerabilities not fixed on any device the company sells (Mean). 

In a paper presented this week at the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices the team concludes: 

We find that on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In our data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97.

Commenting on this finding one of its authors, Dr Andrew Rice states: 

"The security community has been worried about the lack of security updates for Android devices for some time. Our hope is that by quantifying the problem we can help people when choosing a phone and that this in turn will provide an incentive for manufacturers and operators to deliver updates."

The research is ongoing and the researchers have set up a website AndroidVulnerabilities.org to report its progress. To assist in the research Android users are asked to download the Device Analyzer app to contribute more data.

andvullnsq

 

More Information

AndroidVulnerabilities.org

Device Analyzer on Google Play 

Related Articles

Ever Increasing Need For Secure Programming

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin.

 

Banner

Microsoft Introduces .NET Smart Components
01/04/2024

Microsoft has provided a set of .NET Smart Components, described as a set of genuinely useful AI-powered UI components that you can quickly and easily add to .NET apps. The components are prebuilt end [ ... ]


+ Full Story
Interact With Virtual Historic Computers
14/04/2024

Alan Turing's ACE computer is a legendary computer that is particularly special for I Programmer - our account of it was the first ever history article on the site when it launched in 2009. Now this i [ ... ]


+ Full Story
More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Wednesday, 14 October 2015 )