87% of Android devices are vulnerable, Nexus models most secure

A new study from Cambridge University shows OEMs are willfully selling insecure devices to users in an attempt to drive up profits.

1 minute & 20 seconds read time

It's been long known that the Android platform isn't nearly as secure as it should be, but we haven't really had a concrete answer as to how vulnerable the OS actually is. A recent study from the University of Cambridge delivers the answer, and it's pretty surprising.

87% of Android devices are vulnerable, Nexus models most secure | TweakTown.com

"We find that on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities," the university writes in the study's conclusion. "In our data, Nexus devices do considerably better than average with a score of 5.17; LG is the best manufacturer with a score of 3.97."

The study also lays the blame on device manufacturers, citing that most modern smartphones receive few security updates thereby leaving them open to a number of vulnerabilities like the TowelRoot, Gingerbreak, and FakeID exploits. "We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to fix critical vulnerabilities."

Ultimately it's a communication problem. The smartphone OEM's know when and if a device needs security updates, whereas the user isn't usually aware. So if a user runs an open, insecure phone they're more likely to get infected with an exploit and thus need to replace the device, thereby driving up profits for the manufacturer. This skewed information gap is lucrative for OEMs and ultimately drives more sales.

In fact, the university claims that the overall average of security updates across the 20,400 devices tested is just a paltry 1.26 updates per year.

With any luck, this study will prompt manufacturers to start rolling out updates to address these vulnerabilities. Now that it's out in the open users will likely ask more questions and push for a breakdown of the information gap. After all these exploits aren't just destroying expensive $500 smartphones--they're compromising personal data and information, something which the OEMs should be held liable.

Derek joined the TweakTown team in 2015 and has since reviewed and played 1000s of hours of new games. Derek is absorbed with the intersection of technology and gaming, and is always looking forward to new advancements. With over six years in games journalism under his belt, Derek aims to further engage the gaming sector while taking a peek under the tech that powers it. He hopes to one day explore the stars in No Man's Sky with the magic of VR.

Newsletter Subscription

Related Tags