Study finds 87% of Android devices are insecure due to lack of security updates

by: Jimmy Westenberg, October 14, 2015


From the Stagefright exploit to other recent security vulnerabilities found in the Android ecosystem, it’s no secret that device security has lately been on the minds of OEMs and consumers alike. A recent study, partially funded by Google and conducted by the University of Cambridge, shows that more Android devices might be insecure than most of us think. According to a blog post from one of the researchers, Alastair R. Beresford, on average throughout the last four years, a whopping 87% of Android devices are vulnerable to attacks by malicious applications. Beresford says that this is due to device manufacturers not providing security updates on a regular basis. He comments that while some OEMs are much better than others, this is still a major problem.

The researchers collected this data by having approximately 20,000 users download and run their Device Analyzer application, which can be found in the Google Play Store. Thanks to the app collecting data from a wide range of devices, the researchers were able to rank OEMs on the proportion of devices free from critical vulnerabilities, the number of devices running the latest version of Android, and the average number of vulnerabilities the OEM has yet to fix on any device.

Cambridge study - Android vulnerabilities


So, which smartphone makers are the best at providing regular updates? According to the findings, Google’s Nexus devices scored the highest with a 5.2 out of 10, making them the safest handsets available. LG isn’t too far behind with a score of 4 out of 10, and Motorola ended up scoring a 3.1 out of 10. Samsung, Sony, HTC and ASUS have fallen behind with scores ranging from 2.7 down to 2.4.

For a more detailed breakdown of these numbers, head to the recently-launched

Google, Samsung and a number of other manufacturers have been doing their part to bring monthly security updates to their range of current Android smartphones. The researchers hope that by quantifying the problem, they’ll be able to help people make a decision when choosing a device. This will, in turn, provide incentive for other OEMs to take regular security updates more seriously.

  • Prashant Gyawali

    How can a device be secure if your device doesn’t get listed for a new OS upgrade even if it fulfills the minimum requirement for running it? Nothing quite surprising here.

    • Jose Lugo

      Yea, horrible for Note 3 owners and some other devices!

      • 1213 1213

        If you own a note3 you probably don’t have warranty. You may as well just root it and install a custom ROM.

        • Scr-U-gle

          …and hope it works!

          Read the article, your software is crap, your handsets cheap tat built to last less than 18 months (read Google’s T&Cs).

          • vikram

            FYI 3 year old Nexus 4 still getting security updates.

          • Scr-U-gle

            Really, not according to this website, Google’s, or Google’s T&Cs.


          • Vikram_

            Actually, major OS updates for two years and security updates for 3 years.
            My Nexus 4 (released 2012) got a security update last week (build LMY48T):
            So, you’re wrong, yet again.
            Haven’t you had enough embarrassment?

          • Scr-U-gle

            What load of crap, I suggest you scroll through this page, at least the other pleb had the decency to retract the bullshit you keep repeating.

            Did your parents drop you on your head? You keep repeating utter bullshit Dikrammer.

          • vikram

            Crap? Read the dates. It’s that simple.

            And who retracted what? You’re the only one who should be retracting the unrelated crap you keep posting.
            You’ve lost. Just move on. This is getting boring.

          • Scr-U-gle

            Pathetic little boy who has to call people racist because he doesn’t know what he is talking about.

            I suggest that you go back to flipping burgers, and stop pretending you know anything about tech, Dikrammer.

          • vikram

            Read your messages again carefully and tell me they’re not racist. You’re telling an Indian to go flip burgers, clean the toilets and not to supersize the fries. If you must know I majored in EE, masters in CS, PhD in med phys. Working as a quant dev.

            And let me help you with the dates on the links I posted.
            It said LMY48T was released just before 5th October 2015. The Nexus 4 was released 13th November 2012. That’s 2 years, ten months and 22 days difference – just over 34 months, that is.
            34 is MORE than 18
            34 > 18
            042 > 022
            0x22 > 0x12
            log(34) > log(18)

            Not sure how else to say it. It’s the truth. Accept it if you can.

            As to the rest of your unrelenting unrelated detritus and insults – why do you bother? Couldn’t you just, you know, actually use facts, critical thinking and logic to make your point instead of immature diatribe?
            You strike me as someone who always has to have the last word. So prove me right again..

          • Scr-U-gle

            What a twat, so qualified but spend all day on android authority misunderstanding what is written in front of them, just as fantastical as androne is secure.

            How the fuck is telling a burger flipper to do their job racist? That would be racist to make the assumption that Asian people can’t work in a burger joint. Fucking typical bigots like you go around making assumption, and pretending to have a qualification.

            What a paranoid wanker you are, now go clean the toilets, another junkie has shat on the floor.

            You have just shown what a small minded bigot you are, making assumptions about my race, making assumptions about what people are allowed to do for a job.

            Horrible little bigoted, homophobic sexist wanker a like you need to be shot.

          • Scr-U-gle

            Oh dear, not only are you a racist, but also a homophobe and hate women.

            It’s getting quite sad Dikrammer.

            All you do is repeat what you heard, never seen.

            Just flew into Seoul, did a quick straw poll, 15 Apple phones for every 6 other android phones from various brands.

            First conversation I had with a local and she just spat out ‘I hate Samsung’, and we were talking about my Garmin health tracker!

            Just because that’s all your McJob allows you to have, just hating your superiors is pretty sad.

            If you want, I’ll send you my old 4s that still has better software support than your brand new, more expensive than an iPhone, Similarsung S6 iphoney, with the design copied, again from a four year old iPhone.

            I found your LG Prada failure phone very funny, the way you made claims about features you imagine it had were hilarious.

          • Scr-U-gle

            Oh no Dikrammer, looks like another of your bullshit claims and guesses at know stuff have come home to roost.

            I suggest you scroll up, look at the article, read it, try to comprehend, then go cry yourself to sleep because of the disgusting things you do to put bread on the table.


          • Scr-U-gle


            It’s getting very embarrassing now Dikrammer.

            You know nothing, but make wild claims, then call me racist while you make racist assumptions.

            I made no assumption of which country you are from. You on the other hand make all the assumptions claiming only people with certain names are from certain countries, you assume that people with certain names have certain religions and then invoke a caste system that is racist against its own people.

            You are a bigoted ill educated moRoid & dullard.

            I know two Vikrams, one is from Britain, one was born in Sri Lanka. Neither are Hindu, both would be considered ‘untouchable’ in India because they are dark skinned.

            Some of the most racist people I have met are Indians, like the parents who dishoned there own son because he being British, choose his wife from a different community.

            I suggest you go back to the uni above a western union you went to and ask for your money back.

            Dikrammer suits you, you are such a bigot.

  • Brandon G

    so then samsung knox is just bullshit then?

    • gg

      Knox, knox…

      • JustJames

        Who’s there?

      • Happy

        Knock, knock Penny…knock, knock Penny…knock, knock Penny…

    • Daggett Beaver

      Knox by itself doesn’t do anything unless your phone is managed by a Knox-enabled server. If it’s a managed phone, then it isolates business usage from personal usage. Otherwise it just sits there doing nothing — except checking at boot to see if the phone is secure enough to run Knox if it’s needed. That’s why Knox will return an error if your phone is rooted or SELINUX is set to permissive.

      • Brandon G

        thanks. does it brick your phone if you root? and it know

        • Daggett Beaver

          No, it just pops up an error message when you boot after you root. You can just freeze 3 Knox apps, and you’ll never see the error message again.

    • Scr-U-gle

      Android is bullshit.

      It says so above in the article

  • Richard B

    This survey has no idea what softwares are on our phones- so it’s utter horseshit.

  • Daggett Beaver

    Read through the vulnerabilities. Most of the ones I browsed require either adb or an application be designed to exploit the vulnerability. While it has been demonstrated that some malware can sneak into the Play Store, none of the vulnerabilities I read about worry me in the least.

    • retrospooty

      Yup, another in a long line of yawn, my phone isn’t secure articles.

      • Daggett Beaver

        Seriously… some of the vulnerabilities are camera overflow, kernel driver overflow… does anyone have any idea what is necessary to exploit these? And then what’s necessary to get your malware on the play store?

        • Scr-U-gle

          150,000 malware apps a day enter the official Playstore.

          Being blinkered does not mean the real world doesn’t exist, it just means you are fooling yourself.

    • Scr-U-gle

      What a chief….
      150,000 that have already been banned a-day are re-uploaded and pass checks by Google to the Playstore.

      And that is just the ones they know about.

      Just drop the pretence, androne is shitware, your hardware is built to die within 18 months, and you are being truly Scr-U-gled.

      What a bunch of know nothing bedroom experts.

      • vikram

        [citation needed, again]
        (and then a contrasting one for iOS)

        • Scr-U-gle

          Chief: a [email protected] idiot, see everything you have written for proof, and you bought a phone that if it is LUCKY, might get one update. Scammed by billionaires and proud of it.

          iOS contrasting information:

          Kiss my chuddies.

          • Vikram_

            I can’t see a mention of the 150,000 apps anywhere in those links.

            Your first link is completely irrelevant (doesn’t mention Android or iPhone, and in fact almost pre-dates them), and in response to your second link:


            But, if you do think correlation is causation then perhaps I should remind you that more iPhone users are women, rather than men, and are older:

            So if you suggest you’re better educated than me, because you have an iPhone, I’d suggest that you’re 65+ years of age and a woman.
            Oh, and have you considered that perhaps there is correlation between education (!= intelligence by the way) and income, and since Apple is a luxury brand, there’s a higher chance of a rich person buying an iPhone than a poor person? ..and therefore not a consequence of education? And certainly not of intelligence.

            And here’s another link that suggests that Android users are more likely to follow technology news and work in tech:
            So, that means what? That iPhone users don’t know much about tech? Apparently so.

          • Scr-U-gle


            Oh dear Dikrammer, looks like nothing has changed since Scr-U-Gle copied the iPhone, you are still dumber, poorer and more likely to stay that way.

            You’re just a racist homophobe bigot who doesn’t only invent jobs you see iPhone users have, you actually think your iphoney is an original product that gets updated, funny little boy.

            You just have to look on this very website to know that Nixus 4 is getting dropped like an AIDS baby playing with razor blades.

            You really are a pathetic little bigot

          • vikram

            Ok, seriously, whose side are you on?
            Firstly I’ve already demonstrated that correlation is not causation.
            Secondly *read* the link you sent:
            “Alaska (66%), Montana and Vermont have the largest percentage of iPhone users.”
            So Alaska and Montana (and then Hawaii and Mississippi from Chikita link) have the richest and most educated people in the US? Because that’s where there are most iPhones per capita. Only Vermont is in the top five which might buck the trend.
            Dude, you’ve failed, again.

            Now look, you’ve been comprehensively beaten and to avoid any more dishonour to your family, please stop now.
            You strike me as someone who always has to have the last word. So prove me right again..

        • Scr-U-gle

          Stop making racist comment Dikrammer.

  • Grahaman27

    This chart is saying if a device isn’t getting an update that it is suddenly insecure… which is not true. This might as well be an update chart… yes we get it, Android needs a better system for updates.

    look at 2013, it goes from 70% secure to 0% secure in a flash.

    • Scr-U-gle

      Heartbleed, StageFright?

      150,000 malware apps re-uploaded a day make it through googles ‘verification’.


  • Pepi Dachev

    I’m running the latest Android 5.1.1 LMY48W on my Galaxy S4 I9505 which is the latest 5.1.1 and I think it’s secure.

  • Happy

    My phone is very secure – nailed and scotched to the wall….

  • Jack Silsan

    That’s a problem of being popular. Windows desktop users know this better than anyone.

    • Daggett Beaver

      Except that Windows vulnerabilities often involve just connecting your desktop to the Internet. None of the vulnerabilities I read about are anything like that (admittedly I didn’t read them all). They’re all “buffer overflow in the camera driver” stuff. So unless someone can find your phone’s IP address, connect to it, install an app without your knowledge and then use that app to start your camera… well, you can guess the rest.

      • Scr-U-gle

        Another guess, by another bedroom expert.

  • Scr-U-gle

    Androners, you have humble pie on your shirt.

    The times I have been attacked by you dullards who are ‘all tech savvy professional IT people’, this is just more proof that:
    1. You lot are a bunch of bullshit artists.
    2. The people who manage and contribute to this site are bullshit artists.
    3. Androne is a load of fragmented bullshit by a government shill who can not produce anything of quality.

    Go get an iPhone, a bullshit free ecosystem

    • hakim

      AnDRONErs.. very good.. I see what you did there. Very clever.

      Funny you should mention the iPhone, although it has about a fifth of the market share of Android (so you’d expect it to be less of a target for hackers) it somehow manages to have about three times as many recorded vulnerabilities:

      And your rage is very telling. So much hate. Do you think you’ve added anything to the discussion? Or are you just trolling?

      Oh, and if you haven’t been embarrassed enough by those stats, here’s a link to the recent glut of malware in the Apple App Store:
      No, wait, sorry, wrong link, here’s the right one:

      Have a nice day.

      • MUTINOUS

        It’s funny how Apple fanboys cling to the stats that make them feel better.

        Apple has soooooo many more vulnerabilities and all they can focus on is how fast they get an update.

        For those that have a hard time understanding. Here is a visual illustration.

        ================================IOS TIME LINE ====================================>



        ================================ANDROID TIME LINE ===============================>

        BUGS====>APP update=>=============>SYSTEM UPDATE===============>BUGS==>APP update


      • Scr-U-gle

        A fifth in the poorest countries in the world.
        Here in Japan where the iPhone has been available officially for a couple of weeks over a year, the ratio is 70% iPhone, 15% flip phones and 15% androne.

        How are those 150,000 malware apps that are re-uploaded a day (that’s the ones Google know about) after being banned? How is StageFright and Heartbleed?

        Keep with the dreams of a decent OS, hardware built for a maximum of 18 months, that is the only way to convince yourself you are not being taken for an idiot.

        • vikram

          @hakim was wrong, it’s not 1/5, Apple global market share is closer to 1/6 that of Android’s. And it’s not just the poorest countries.
          Android 75.2%
          iOS: 13.6%
          Windows: 10.5%

          And you’re either deluded, legally blind, or flat out lying about Japan:
          Android 64.5%
          iOS: 33.8%
          Same source.

          Care to give a source for your 150k claim? And perhaps contrast that to the number being submitted to the Apple App Store? Oh, and then explain to me why the number submitted is even relevant? Surely it’s the number that get through that are relevant?

          The 18 months BS I’ve already disproved above.

          You’re just full of lies and rhetoric, aren’t you? I guess you’d have to be to justify your purchasing decisions.

          • Scr-U-gle

            If you could afford it with your McJob, just get on a plane, sit in any place for as long as you want and count. Japan has region specific flip phones that are more popular than Andi joker phones, where are they in your figures.

            What, a moRoid who had never seen something knows more than the people on the ground? Nothing new but delusions of grandeur.

            As you are well aware, the iphone has only been available officially here for just over a year, so all those older than an iPhone 6 were personally imported and grey market, so won’t be in formal figures.

            iPhone is in the vast majority in this first world country, and guess what? Even the poor countries, they want an iPhone so much they will buy at extortionate rates secondhand three year old iPhones that still get better support than a Android joker phone.

          • Vikram_

            Would you please stop with the racism?
            I’m not sure why “region specific flip phones” are significant if you’re trying to make a point about iPhone vs Android popularity. And I’ll trust stats companies over your empirical view, which, as with most cultists suffers from confirmation bias (look it up, I’ll wait).

            And for those who haven’t already seen the iPhone users for what they are:

            I think that pretty much covers it.

          • Scr-U-gle

            Oh dear Dikram, trying to invent a racist slur now, are you getting that desperate?


            Yes you read that right, 80%.

            Apple rule here, because the Japanese people understand design, it is part of the culture here.

            Go back to your McJob Dikram.

          • vikram

            I genuinely pity you. And as a once scientist I think you should be put in a box to be studied. I thought all the Apple trolls died off together with Apple innovation and iOS market share back around 2011.

            It says 80% of the *enterprise* sectors. And it’s hilarious that you get your news from a drama and celebrity web site.

            Meanwhile, global iPad sales in all sectors, like your remaining integrity, are plummeting:

            Now give it a rest. You’ve thoroughly lost all of your arguments.
            I’m trying to do you a favour. Drop it. Move on.

          • Scr-U-gle

            why are iPad sales falling off? Because they last so long, unlike your pretend updates on androne.

            Dikrammer, why don’t you go pretend you’re a programmer instead of coming out with the same old bullshit the rest of the moroids have given up on.

            Next you’ll be claiming Androne didn’t go from a poor Blackberry knock off, to a Nokia knock off to an iphoney.

            Take your cheap vulgar handset and stick it up your Arse, Dikrammer.

          • Scr-U-gle
          • Vikram_

            Yeah, maybe we’re using different number systems but I’m still not seeing 150k malware apps reappearing a day. It says 2125 reappeared (not per day, but over the period of the experiment). There is also nothing to suggest that exactly the same thing isn’t happening in the Apple App Store.

            And right on the page you linked to, this:
            A huge compromise of Apple App store apps. Oh dear.

            You should stay down.

          • Scr-U-gle

            You forgot the other 120,000 states in the article Dikram.

            So you invent facts, figures and security that experts laugh at.

            Then invent racist comments that only exist in your tiny little brain.

            It’s getting embarrassing now Dikram(er)

    • vikram

      Fragmented? You do know that the distribution for iOS is:
      9.x is on 41%
      8.x on 40%
      7.x on 15%
      6.x on 3% of devices..
      (source: david-smith org)

      not to mention the different screen resolutions, aspects..

      5.x is on 23%
      4.x on 72.5%
      2.x on 4%..

      so tell me, who’s more fragmented?

      • Scr-U-gle

        Nice made up figures there, and how old is lollipop, a year old and still is less than 20%. iOS 9, less than a month old. And it hit over 50% in a week.

        I suggest you go read Scr-U-gles T&Cs where they clearly state that the MAXIMUM updates are for 18 months, and with carriers really being in control, that figure is me being kind, it’s more like the vast majority never get an update ever.

        So far, less than 20 out of the 30,000 odd devices just from last year will get marshmallow, meaning more than 99.99999 of devices will still have StageFright and 99% (I’m still being generous with these figures) will never get rid of Heartbleed.

        Not only do you misunderstand your own invented figures, you seem to think it is alright to get one update if you are lucky.

        I suggest you go to a reliable source like where they have real data.

        Only a fool is so easily parted from his money.

        • vikram

          You’re special. I’m sure your mother told you that.

          I told you where my iOS figures are from. And the Android numbers are from Google. And yet your rants have no basis whatsoever. Which link am I supposed to be looking at? I saw nothing relevant.
          And I have read the T&Cs, and I also received a security update last week for my three year (that’s 36 months by the way, which is more than 18) old Nexus 4 and my two year old Nexus 7 (27 month old actually). I’m holding off upgrading my Nexus 7 to Marshmallow, but it is available (latest update, and the device is 27 months old, which is more than 18).
          My work iPhone 5s on the other hand is dog slow with iOS 9, but a little better than iOS 8, and I’m not the only one to have the problems, happens every time a new iPhone comes out: the old phones magically slow down, see here to compare android and iOS releases and slow downs:

          Not only are there many many more searches for slow downs (even though Android outsell the hell out of iPhones), but there’s a very obvious pattern. It’s a way of tricking people to upgrade to the latest incrementally updated iPhone. A fool and their money, as you say.
          Still think iOS is a bullshit free ecosystem? Perhaps you’ve just built up a tolerance.

          • Scr-U-gle

            Some bogus site of some wannabe famous for slagging off the most profitable company in the world? What a joke. The internet is full of these wannabes.

            Never heard of him and I do something you Moroids never do; put my money where my mouth is and invest in the companies that actually change the world, not copy it and claim to be first a few years later. 64-bit, fingerprint scanners that work, high density pixel screens, voice UI, multitouch, capacitive screens, updates (you may not have heard of these as a HaemorRoid user.), looking at your ecosystem I see a trail of dead products and ‘feature’ that never worked.

            A good example is moRoid wear. The rumour of the Apple Watch starts, Google panic and get the interface wrong again, sell less than 720,000 in a year, worldwide, all manufacturers. Apple Watch gets the UI right (currently being copied by Scr-U-gle and its partner Similarsung, a year later first!). Apple; rock up, sell a third more in part of one region in one day. Then the deluge of cheap knock offs flood the market that are overpriced market stall watches (you probably think that’s good, you have no taste), then people like you start talking about watches as value items and not personal statement pieces that they are. You just don’t understand high-end, unless it is plastered in logos.

            Name one manufacturer that has better sales, returning customer or more switchers. Didn’t think you’d like that.

            Or shall we talk about success, who has not only changed every industry and been copied by every other company? Or did the Sooner phone not have to become an the Scr-U-gle/Similarsung iphoney?

            Android is a joke, its users are a joke, and Vikram, I told you a thousand times: I DO NOT WANT TO GO LARGE, now go clean the toilets, another junky has shit the place up at your MacJob.

            What is it with McKenzie tracksuit wearing apes? I don’t see any of you using Sooner phones, just Scr-U-gled iphoneys

          • Vikram_

            Not bogus, not wannabe, but the author of a popular iOS app.
            64-bit? only real use was a performance boost, that multi-cores destroyed anyway. And first the 64-bit core was an ARM rip-off anyway, and made by Samsung.
            Fingerprint scanners that work? The Motorola Atrix worked fine back in 2011, years before iPhone stole the idea.
            High density pixel screens? Apple didn’t make the screen, they just bought it, and that first “retina” screen has been beaten many times over since.
            Voice UI? Siri was based on products by Nuance/Dragon. And Siri’s been eclipsed many times over by Google Now and Cortana. It’s an embarrassment.
            Multitouch? capacitive screens? LG Prada had it before the iPhone, and Apple had no part in the tech, they just bought it off the shelf.
            Updates? Already told you, but perhaps you should read my response regarding the Nexus 4.

            And your comments are racist. I won’t stoop to your level in response. (FWIW I do HPC programming)

          • Scr-U-gle

            I suggest you look at how slow the Note 5 is compared to the iPhone 6s. dikrammer, you should write fiction, you have a very vivid imagination.

            How the fuck is what I am saying racist dikrammer? Desperate little idiot that you are, you don’t even know what race I am Dikrammer!

            I suggest you go look at your LG again, That doesn’t have a capacitive screen, no multi touch, and failed, just like adrone until it copied the iPhone wholesale, or are you saying Andy Rubin and Chris deSalvo haven’t publicly admitted they copied the iPhone?

            And the last dikhead who claimed the same about the Nixus 4 at least had the decency to retract that bullshit, but you are cut from a dumber cloth, Dikrammer.

            Just think, if you did something like write your fantasies in the form of a novel you wouldn’t have to serve burgers all day and could afford an iPhone!!!

            Now for the last time, I do not want to go large, but the toilets are disgusting, go clean them up.

            Ps that star on your badge does not make you a programmer.

          • vikram

            No, but my major in EE, masters in CS, PhD in med phys and job as a quant dev do.
            I think you are going to feel compelled to respond with more diarrhoea. Care to prove me right again? I’ve got a perfect record so far.

  • hoggleboggle

    There is a very simple solution to this: Make the manufacturer and/or carrier liable for any costs incurred as a result of a known security exploit on any device younger than 5 years if they haven’t released an update. You would be surprised how quickly they will start releasing updates.

    • Scr-U-gle

      Or don’t bend over for market access.

      Jobs didn’t but Brin did, you are all still paying for it today.

      Then again, the day Google take control of androne, the carriers will drop it like an AIDS baby playing with an Ebola babies razor blades.

      Even Tizen is better than androne.

      • Vikram_

        Apple did bend over for market access, and it was against Jobs’ “vision”: they released the iPad mini and the iPhone Plus. They only did that when they saw how wildly popular smaller tablets and phablets were.

        • Scr-U-gle

          You really talk a load of bullshit Dikrammer, go scrap the dross from the burger grill.