How safe is that Android phone in your pocket? Not very.
A whopping average of 87.7 percent of Android devices are exposed to known critical vulnerabilities, according to a new study from the University of Cambridge.
Cambridge researchers studied devices through a Device Analyzer app, which looked at 20,400 Android devices over a four-year period, testing them for known major vulnerabilities, some of which were years old.
Most phones failed the test.
The researchers placed the lion’s share of the blame on phone manufacturers that are slow to deliver crucial updates.
“Unfortunately few devices receive prompt updates, with an overall average of 1.26 updates per year, leaving devices unpatched for long periods,” the paper reads. “We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to fix critical vulnerabilities.”
The reason for this is simple. While device manufacturers know when devices are insecure, consumers generally do not.
“Consequently there is little incentive for manufacturers to provide updates,” the researchers concluded.
“The security community has been worried about the lack of security updates for Android devices for some time,” Dr. Andrew Rice said. “Our hope is that by quantifying the problem we can help people when choosing a phone and that this in turn will provide an incentive for manufacturers and operators to deliver updates.”
H/T Ars Technica | Illustration by Max Fleishman