Android Manufacturers Are ‘Failing’ To Protect Users From Security Threats

Researchers from the University of Cambridge claim many Android smartphones are not being supplied with the proper security protection against the latest threats and attacks, as manufacturers fail to provide fixes in a timely fashion.

The report, from Cambridge Computer Laboratory researchers Daniel R Thomas, Alastair R Beresford, and Andrew Rice estimates that 87.7 percent of devices contained at least one bad vulnerability that could leave handsets at risk, as many users can expect just one update a year.

Android Threat

The researchers monitored the effects of 11 major vulnerabilities, including those which could lock users out of their devices, steal user credentials or even brick the devices entirely, across 20,400 devices.

Google, which develops and pushes out Android, was not blamed in the report, with the manufacturers themselves, who are often slow to provide the latest updates, coming under fire.

Perhaps unsurprisingly then, Google’s Nexus devices is the clear winner, receiving regular updates against the latest threats, although LG is also cited for its fast patching. O2 UK was named as the best UK carrier for supplying over-the-air security fixes, just ahead of T-Mobile and Orange, both part of EE.

“The security of Android depends on the timely delivery of updates to x critical vulnerabilities,” the report concluded. “Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices un-patched for long periods.

“We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to x critical vulnerabilities. This arises in part because the market for Android security today is like the market for lemons: there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not.

“Consequently there is little incentive for manufacturers to provide updates.”

Making the grade

The researchers propose giving ‘grades’ Android manufacturers based on their performance in puhsing out ptches, which users and regulators can monitor.

Back in August, Google announced it would be committed to sending out a monthly security updates as the company looks to better protect customers using its mobile OS. Google has been providing Android manufacturers with a monthly bulletin of security issues so that they can keep their users secure, but recent vulnerabilities such as Stagefright forced this improvement.

Users of Google’s Nexus family of devices will be the first to receive the new updates, which are also being released to the public via the Android Open Source Project (AOSP).

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago