Outdated software is the weak spot of Android phones, according to a security firm's recent study that finds more than half of the Android-powered devices checked have unpatched vulnerabilities, putting their users at risk of mobile malware.
Duo Security, a Michigan-based company whose investors include Google, gathered data from more than 20,000 Android devices around the world that loaded its free app, X-Ray, released two months ago. Unlike traditional mobile antivirus software that scans for known malware, X-Ray scans Android devices to see whether they have unpatched vulnerabilities that may put them at risk.
The firm found that more than half of Android devices worldwide have unpatched vulnerabilities that could be exploited by rogue apps. The X-Ray FAQ explains that a number of such vulnerabilities have been discovered in the core Android platform, affecting nearly all Android devices. Even more are found in manufacturer-specific extensions that may affect a smaller subset of Android users.
“Yes, it’s a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc.) has performed thus far," says Jon Oberheide, CTO at Duo Security, in the company's blog posting about its research. "We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally.” Oberheide was recently named one of Forbes' "30 under 30" for his Android security research.
Carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users’ mobile devices often remain vulnerable for months and even years,” Oberheide adds.
Apple releases software patches for its iOS software regularly and users have immediate access to any updates, but the nature of Android means that carriers and device manufactures hold the key when it comes to updating phones. Sometimes Android updates are not rolled out to all phones in order to entice users to buy newer devices.
If you're one of those people running an older version of Android, make sure to take extra precaution when installing apps or browsing the Web on your device. Never install apps from sources you don't trust, and take some time to grab a mobile security app like Lookout, TrustGo, or Norton Mobile Security. While you may not be able to close the holes in the OS itself, you can at least prevent apps that use these exploits from getting onto your device.
More than 500 million Android devices are activated, according to Google’s own stats, and the majority of them (57 percent) run on Gingerbread (2.3.X), a version introduced in late 2010, while only 1.2 percent run on the latest Jelly Bean (4.1) update. Just under 20 percent of Android devices run older versions of Android, dating back to 2009.
This story, "Half of all Android devices vulnerable to malware due to outdated software" was originally published by TechHive.