How safe are Android devices from malware? The answer is not reassuring. A new study from University of Cambridge researchers finds that on average over the last four years, 87 percent of Android devices were found to be vulnerable to attacks from malicious apps. The findings are outlined in a blog post by Alastair R. Beresford, one of the study's authors.
Beresford wrote that most manufacturers do not offer enough regular security updates.
He noted that devices from LG, Motorola, and those that fall under the Google Nexus brand are better than most. Consumers looking to pinpoint which brands and makes are best can head to AndroidVulnerabilities.org.
The study, which was partly funded by Google, looked into the phones from 20,000 users who installed the Device Analyzer app, which can be purchased from the Google Play Store. With the app running in the background and gathering data, the researchers scored device manufacturers based on several factors: the proportion of the device that is free from security vulnerabilities; the proportion that is updated to the most recent software; and the mean number of vulnerabilities that the manufacturer did not yet fix.
"Our hope is that by quantifying the problem, we can help people when choosing a device and that this in turn will provide an incentive for other manufacturers and operators to deliver updates," Beresford wrote.
Concerns over Android security has been in the news a lot recently. Over the summer, security firm Zimperium found a flaw known as the Stagefright bug in the media playback tool in Android devices through which hackers could send users a text message containing malware. Once received and opened, the text message essentially would give the hacker control over the phone and access to stored personal information like credit card numbers.
Also making headlines, researchers at Check Point Software Technologies identified a flaw in Android phones that could enable hackers to take control over devices remotely. This would essentially turn a phone into a spying device.
Beresford recommended that consumers only install apps directly from Google's Play Store "since it performs additional safety checks on apps."
"Unfortunately, Google can only do so much, and recent Android security problems have shown that this is not enough to protect users," he wrote. "Devices require updates from manufacturers, and the majority of devices aren't getting them."