A team of researchers from the University of Cambridge have discovered that about 87% of Android vulnerabilities are due to a lack of security updates from manufacturers.
The researchers used a device analyzer app they created to get statistics from more than 20,000 devices. With the data they collected, they rated each device manufacturer based on a 1-10 FUM score, with 10 being the best. The FUM score included the proportion of devices free from known vulnerabilities, the proportion of devices running the most recent version, and the number of vulnerabilities the manufacturer hasn’t addressed, according to the researchers.
(Related: Android’s lockscreen can be bypassed)
The research showed Nexus, LG and Motorola, respectively, are best at pushing out updates, but the FUM scores ranged from 5.2 to 3.1. Symphony and Walton had the worst manufacturer FUM score of 0.3.
“Our hope is that by quantifying the problem we can help people when choosing a device, and that this in turn will provide an incentive for other manufacturers and operators to deliver updates,” wrote Alastair Beresford, senior lecturer at the University of Cambridge’s Computer Laboratory, in a paper.
While Google recently tried to address the problem by delivering security updates every month, the researchers said it isn’t enough.
“Unfortunately Google can only do so much, and recent Android security problems have shown that this is not enough to protect users,” Beresford wrote. “Devices require updates from manufacturers, and the majority of devices aren’t getting them.”
More information can be found here.