Android is the victim of an incredible amount of forms of attacks and just to prove that point over 50 percent of Android phones contain at least one vulnerability that could take control of the device, new research said.
Preliminary data from users shows a huge number of Android devices are vulnerable to at least one of the known Android flaws, said report from Duo Security, which launched a free vulnerability scanning app for Android this summer.
The X-Ray app from Duo scans Android devices for a set of known vulnerabilities in a variety of the Android releases. Quite a few of them are flaws that attackers have used in the last few months. The main issue with Android security and patches is each carrier is responsible for pushing out new versions of the operating system to its users and they all do it on random timelines. There’s no set interval for updates and users don’t have to upgrade, so there’s a good chance that many users are running older, vulnerable versions of Android at any given time.
That is just what the data Duo collected from the 20,000 devices shows. There are vulnerable Android devices floating around out there.
“Since we launched X-Ray, we’ve already collected results from over 20,000Android devices worldwide. Based on these initial results, we estimate over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary,” said Jon Oberheide of Duo Security.
“Yes, it’s a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc) has performed thus far. We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally.”
Android has the largest market share of any mobile platform and attackers have been targeting the OS with malicious apps, exploits for known vulnerabilities and other attacks for several years now.
“As carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users’ mobile devices often remain vulnerable for months and even years,” Oberheide said.