Researchers from the University of Cambridge claim many Android smartphones are not being supplied with the proper security protection against the latest threats and attacks, as manufacturers fail to provide fixes in a timely fashion.
The report, from Cambridge Computer Laboratory researchers Daniel R Thomas, Alastair R Beresford, and Andrew Rice estimates that 87.7 percent of devices contained at least one bad vulnerability that could leave handsets at risk, as many users can expect just one update a year.
Google, which develops and pushes out Android, was not blamed in the report, with the manufacturers themselves, who are often slow to provide the latest updates, coming under fire.
Perhaps unsurprisingly then, Google’s Nexus devices is the clear winner, receiving regular updates against the latest threats, although LG is also cited for its fast patching. O2 UK was named as the best UK carrier for supplying over-the-air security fixes, just ahead of T-Mobile and Orange, both part of EE.
“The security of Android depends on the timely delivery of updates to x critical vulnerabilities,” the report concluded. “Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices un-patched for long periods.
“We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to x critical vulnerabilities. This arises in part because the market for Android security today is like the market for lemons: there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not.
“Consequently there is little incentive for manufacturers to provide updates.”
The researchers propose giving ‘grades’ Android manufacturers based on their performance in puhsing out ptches, which users and regulators can monitor.
Back in August, Google announced it would be committed to sending out a monthly security updates as the company looks to better protect customers using its mobile OS. Google has been providing Android manufacturers with a monthly bulletin of security issues so that they can keep their users secure, but recent vulnerabilities such as Stagefright forced this improvement.
Users of Google’s Nexus family of devices will be the first to receive the new updates, which are also being released to the public via the Android Open Source Project (AOSP).
Are you a security pro? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…