It has long been known that the Android platform isn't nearly as secure as it should be, but we haven't really had a concrete answer as to how vulnerable the OS actually is. A recent study from the University of Cambridge delivers the answer, and it's pretty surprising.
"We find that on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities," the university writes in the study's conclusion. "In our data, Nexus devices do considerably better than average with a score of 5.17; LG is the best manufacturer with a score of 3.97."
The study also lays the blame on device manufacturers, noting that most modern smartphones receive few security updates, thereby leaving them open to a number of vulnerabilities like the TowelRoot, Gingerbreak, and FakeID exploits. "We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to fix critical vulnerabilities."
Ultimately it's a communication problem. The smartphone OEMs know when and if a device needs security updates, whereas the user usually isn't aware. So if a user runs an open, insecure phone, they're more likely to get infected with an exploit and thus need to replace the device, thereby driving up profits for the manufacturer. This skewed information gap is lucrative for OEMs and ultimately drives more sales.
In fact, the university claims that the overall average of security updates across the 20,400 devices tested is a paltry 1.26 updates per year.
With any luck, this study will prompt manufacturers to start rolling out updates to address these vulnerabilities. Now that it's out in the open, users will likely ask more questions and push for a breakdown of the information gap. After all, these exploits aren't just destroying expensive $500 smartphones--they're compromising personal data and information, something for which the OEMs should be held liable.