New Study by University of Cambridge Show 87 Percent of Android Devices Vulnerable

Posted 10/20/2015 12:09:23 PM by RICHARD HARRIS, Executive Editor

New Study by University of Cambridge Show 87 Percent of Android Devices Vulnerable
A new study by researchers at the University of Cambridge and published by shows that 87% of Android devices are vulnerable to attack by malicious apps and messages. 

The study suggests that the reason for this high vulnerability rate is in part due to the fact that device manufacturers are not providing regular security updates. The researchers say that some manufacturers are much better than others in providing security updates and devices built by LG and Motorola, as well as those devices shipped under the Google Nexus brand, are better providing regular security updates than most. 

The study uses data collected by the University of Cambridge’s Device Analyzer app, which is available from the Google Play Store. 

Study Abstract:

In the paper the authors map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabilities. They define the FUM* security metric to rank the performance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities. 

Using a corpus of 20,400 devices they show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators. This provides a comparison point for purchasers and regulators to determine which device manufacturers and network operators provide security updates and which do not. They found that on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In the data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97.

*The FUM security score was developed by and represents the following:
F - The proportion of devices free from known critical vulnerabilities. 
U - The proportion of devices updated to the most recent version. 
M - The number of vulnerabilities the manufacturer has not yet fixed on any device.

Read More


About the author: RICHARD HARRIS, Executive Editor

As the Publisher and Editor for App Developer Magazine, Richard has several industry recognitions and endorsements from tech companies such as Microsoft, Apple and Google for accomplishments in the mobile market. He was part of the early Google AFMA program, and also involved in the foundation of Google TV. He has been developing for mobile since 2003 and serves as CEO of Moonbeam Development, a mobile app company with 200 published titles in various markets throughout the world. Richard is also the founder of LunarAds, a mobile cross-promotion and self-serv mediation network for developers. He has been a featured presenter at trade-shows and conferences, and stays active with new projects relating to mobile development.

Subscribe to App Developer Daily

Latest headlines delivered to you daily.