A new study by researchers at the University ofCambridge has shown that 87% of Android devices are vulnerable to attackby malicious apps and messages. Manufacturers are to blame, because mostdo not provide regular security updates. Some manufacturers are muchbetter than others however, and the study shows that devices built by LGand Motorola, as well as those devices shipped under the Google Nexusbrand are much better than most. Users, corporate buyers and regulatorscan find further details on manufacturer performance athttp://androidvulnerabilities.org/
The study uses data collected by the team'sDevice Analyzer app, whichisavailable from the Google Play Store. "The app collects data from volunteersaround the globe and provides us with the statistical data we need" saidDaniel Thomas, lead author of the study, "we have used data from over20,000 devices to support our results, but we're keen to recruit morecontributors." Thefull results of the study will be presented on Monday 12th Octoberat the Workshop on Security and Privacy in Smartphones and Mobile Devices.
"The security community has been worried about the lack of securityupdates for Android devices for some time," said Dr Rice, "Our hope isthat by quantifying the problem we can help people when choosing aphone and that this in turn will provide an incentive formanufacturers and operators to deliver updates."
"Google has done a good job at mitigating many of the risks," said DrBeresford "and we recommend users only install apps from Google's PlayStore since it performs additional safety checks on apps. UnfortunatelyGoogle can only do so much, and recent Android security problems haveshown that this is not enough to protect users. Phones require updatesfrom manufacturers, and the majority of devices aren't getting them."
For further information, contact:
We give permission for the graphics in on the website and in the paper to be republished.