Android Manufacturers Are ‘Failing’ To Protect Users From Security Threats

Researchers from the University of Cambridge claim many Android smartphones are not being supplied with the proper security protection against the latest threats and attacks, as manufacturers fail to provide fixes in a timely fashion.

The report, from Cambridge Computer Laboratory researchers Daniel R Thomas, Alastair R Beresford, and Andrew Rice estimates that 87.7 percent of devices contained at least one bad vulnerability that could leave handsets at risk, as many users can expect just one update a year.

Android Threat

The researchers monitored the effects of 11 major vulnerabilities, including those which could lock users out of their devices, steal user credentials or even brick the devices entirely, across 20,400 devices.

Google, which develops and pushes out Android, was not blamed in the report, with the manufacturers themselves, who are often slow to provide the latest updates, coming under fire.

Perhaps unsurprisingly then, Google’s Nexus devices is the clear winner, receiving regular updates against the latest threats, although LG is also cited for its fast patching. O2 UK was named as the best UK carrier for supplying over-the-air security fixes, just ahead of T-Mobile and Orange, both part of EE.

“The security of Android depends on the timely delivery of updates to x critical vulnerabilities,” the report concluded. “Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices un-patched for long periods.

“We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to x critical vulnerabilities. This arises in part because the market for Android security today is like the market for lemons: there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not.

“Consequently there is little incentive for manufacturers to provide updates.”

Making the grade

The researchers propose giving ‘grades’ Android manufacturers based on their performance in puhsing out ptches, which users and regulators can monitor.

Back in August, Google announced it would be committed to sending out a monthly security updates as the company looks to better protect customers using its mobile OS. Google has been providing Android manufacturers with a monthly bulletin of security issues so that they can keep their users secure, but recent vulnerabilities such as Stagefright forced this improvement.

Users of Google’s Nexus family of devices will be the first to receive the new updates, which are also being released to the public via the Android Open Source Project (AOSP).

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

9 hours ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

13 hours ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

13 hours ago

Apple Working To Patch Safari Data Leak Vulnerability

Oh dear, not so private. Webkit browser engine flaw has been leaking user ID and…

15 hours ago

EU Chief Confirms Chip Law Proposal For Early February

Chip shortage solution? European Commission boss says the European Chips Act legislation will be proposed…

16 hours ago