Android Device Makers Need To Do More To Protect Users From Old Bugs, Per Study
According to a new study conducted by University of Cambridge from the United Kingdom, almost 90 percent of all Android powered mobile devices are at risk because of the Android device makers’ failure to deliver patches. When it comes to evaluating Android run smartphones, mobile users, regulators, and corporate buyers all face a similar problem -- not one of them has any idea which smartphone vendor will supply the patches right after Google has developed the fixes for various security bugs present on its Android mobile operating system.
As noted by Daniel Thomas, Alastair Beresford and Andrew Rice in their study, the market for Android security patches has become similar to a market for lemons. What is happening now is that the maker of Android devices knows whether their products are secure in terms of Android path updates, but the end user, unfortunately, is entirely clueless whether his or her smartphone or tablet, has been updated to the latest fixes.
Thomas, Beresford and Rice collected information from more than 20,000 Android mobile devices that have been installed with the Device Analyzer mobile app. Their data indicates that 87 percent of Android powered handsets were vulnerable to at least one of 11 security bugs in the public domain in the past half decade, which includes the recently found TowelRoot issue (Cyanogen has fixed this in 2014), and FakeID.
The trio of researchers also discovered that Android powered devices on average get 1.26 updates every year. As explained by Rice, the security community for some time now has bemoaned the lack of security updates for various Android handsets, and he hopes that the research they conducted can help consumers decide on which devices to purchase (in consideration of security factors), as well as give an incentive for device makers and wireless carriers to be more diligent in the prompt delivery of security updates.
With recent reports of a couple of new Stagefright bugs, it is imperative for device makers to be more proficient in rolling out patches. South Korean tech giants like Samsung and LG have expressed commitment in following Google in the proper scheduling of monthly security update rollouts, particularly for Google Nexus mobile devices. But for Taiwanese phone maker HTC, monthly updates do not seem feasible, because of the bottleneck in the wireless carrier testing phase, especially with regards to devices that need to be certified by network operators.
Still, the fact remains that security patches need to be more available to end users quickly. According to the study that Google, LG, and Motorola were better at this area compared to Samsung, HTC, and Asus.