Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

Google-commissioned security report paints a bleak picture of Android

Add as a preferred source on Google

The lack of fast updates across the Android ecosystem means that more than 80 percent of device owners are at risk to at least one critical vulnerability. That’s according to a study from the University of Cambridge, which was partially funded by Google.

The study shows that while Google can make the latest version of Android safe from all vulnerabilities, its inability to get the updates out to every Android phone in a timely fashion makes most of the ecosystem unsafe. Even being one or two patches behind could put smartphone owners at risk of vulnerabilities like Stagefright, which is capable of taking over devices and infecting them with malware.

android-device-security
Image used with permission by copyright holder

In the study, each mobile vendor was graded based on security with scores from 1 to 10. Nexus devices ranked the highest at 5.2, followed by LG at 4.0, and Motorola at 3.1. Samsung came in fourth at 2.1, followed by Sony, and finally, HTC.

Recommended Videos

Samsung and LG both confirmed plans to stick on course with Google’s monthly updates, but HTC claimed that goal was unrealistic due to carrier testing. AT&T and Verizon Wireless have both been accused of routinely pausing updates, and blocking certain features like Google Wallet on Android devices.

Having a phone that’s vulnerable to attack might sound terrifying, but most critical vulnerabilities can only be exploited if the user downloads or clicks on something that is laced with malware. That’s why malware attacks tend to only reach a few hundred or thousand devices. Of course, some serious bugs like Heartbleed and Stagefright do pose risks to more devices.

Naturally, Android device owners would much rather have a system that is 100-percent safe. Google is working with device partners and carriers to ensure updates, especially security patches, are delivered at a speedy rate. Things just don’t always go as planned.

Android’s rival iOS isn’t completely off the hook when it comes to vulnerabilities, either. The most recent panic in China happened only a week ago, when an old video player returned and took over iPhones. A week before that, Chinese developers Baidu and Tencent were both caught using a faulty version of Xcode, infecting iPhone owners in China with malware.

However, the main difference is that Apple can immediately shore up the vulnerability on every iPhone that supports the latest version of iOS (which is the vast majority of iPhones) with a software update. Google isn’t able to do that because it’s phones are made by third-party manufacturers, whose own User Interfaces often slow down the update process, and the carriers who support these phones dictate when updates pass to individual phones.

David Curry
Former Contributor
David has been writing about technology for several years, following the latest trends and covering the largest events. He is…
Apple starts testing cheaper Chinese RAM inside iPhones, but your pocket won’t feel the ease
Fourth-largest DRAM producer in the world, on the Pentagon's watchlist, and now quietly inside Apple's test labs.
The M4 Mac mini on a desk.

Apple has quietly been testing a new memory supplier for some of its devices sold in China, and the name behind those chips is one that Washington has been keeping a close eye on.

It’s the one that I talked about a few days ago in another story, when rumors about Apple considering a Chinese memory supplier started surfacing after the company announced an ugly price hike for most of its devices (except iPhone and Apple Watch). 

Read more
Android 17’s new video standard fixes one of HDR’s biggest problems
Your HDR videos are about to look right, no matter what screen you use.
Electronics, Mobile Phone, Phone

Android 17 is packed with new features, but one small addition might end up mattering more than the flashy ones. It's called Eclipsa Video, and its whole purpose boils down to this: your HDR videos should finally look the way they're supposed to, regardless of which screen you're staring at.

Why does HDR look different on every screen?

Read more
Your free mobile VPN is a privacy disaster. Go figure
Android's free VPNs are somehow worse than you expected
VPN

The free VPN app you downloaded for your Android phone might be doing more harm than good. A recent large-scale audit of free Android VPN apps has shared some worrisome findings that justify some healthy suspicion. Researchers found these apps leaking traffic, sending identifying information to third parties, and basically the opposite of what a VPN is supposed to do.

The study comes from researchers at the University of Michigan, the University of New Mexico and IIT Delhi. Their findings were presented at the Network and Distributed System Security Symposium 2026 alongside MVPNalyzer, a framework designed to audit mobile VPN apps automatically and at scale.

Read more