Android Manufacturers Are ‘Failing’ To Protect Users From Security Threats

Researchers from the University of Cambridge claim many Android smartphones are not being supplied with the proper security protection against the latest threats and attacks, as manufacturers fail to provide fixes in a timely fashion.

The report, from Cambridge Computer Laboratory researchers Daniel R Thomas, Alastair R Beresford, and Andrew Rice estimates that 87.7 percent of devices contained at least one bad vulnerability that could leave handsets at risk, as many users can expect just one update a year.

Android Threat

The researchers monitored the effects of 11 major vulnerabilities, including those which could lock users out of their devices, steal user credentials or even brick the devices entirely, across 20,400 devices.

Google, which develops and pushes out Android, was not blamed in the report, with the manufacturers themselves, who are often slow to provide the latest updates, coming under fire.

Perhaps unsurprisingly then, Google’s Nexus devices is the clear winner, receiving regular updates against the latest threats, although LG is also cited for its fast patching. O2 UK was named as the best UK carrier for supplying over-the-air security fixes, just ahead of T-Mobile and Orange, both part of EE.

“The security of Android depends on the timely delivery of updates to x critical vulnerabilities,” the report concluded. “Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices un-patched for long periods.

“We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to x critical vulnerabilities. This arises in part because the market for Android security today is like the market for lemons: there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not.

“Consequently there is little incentive for manufacturers to provide updates.”

Making the grade

The researchers propose giving ‘grades’ Android manufacturers based on their performance in puhsing out ptches, which users and regulators can monitor.

Back in August, Google announced it would be committed to sending out a monthly security updates as the company looks to better protect customers using its mobile OS. Google has been providing Android manufacturers with a monthly bulletin of security issues so that they can keep their users secure, but recent vulnerabilities such as Stagefright forced this improvement.

Users of Google’s Nexus family of devices will be the first to receive the new updates, which are also being released to the public via the Android Open Source Project (AOSP).

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago