Skip to main content

Google-commissioned security report paints a bleak picture of Android

Android 6.0 Marshmallow.
Image used with permission by copyright holder
The lack of fast updates across the Android ecosystem means that more than 80 percent of device owners are at risk to at least one critical vulnerability. That’s according to a study from the University of Cambridge, which was partially funded by Google.

The study shows that while Google can make the latest version of Android safe from all vulnerabilities, its inability to get the updates out to every Android phone in a timely fashion makes most of the ecosystem unsafe. Even being one or two patches behind could put smartphone owners at risk of vulnerabilities like Stagefright, which is capable of taking over devices and infecting them with malware.

android-device-security
Image used with permission by copyright holder

In the study, each mobile vendor was graded based on security with scores from 1 to 10. Nexus devices ranked the highest at 5.2, followed by LG at 4.0, and Motorola at 3.1. Samsung came in fourth at 2.1, followed by Sony, and finally, HTC.

Samsung and LG both confirmed plans to stick on course with Google’s monthly updates, but HTC claimed that goal was unrealistic due to carrier testing. AT&T and Verizon Wireless have both been accused of routinely pausing updates, and blocking certain features like Google Wallet on Android devices.

Having a phone that’s vulnerable to attack might sound terrifying, but most critical vulnerabilities can only be exploited if the user downloads or clicks on something that is laced with malware. That’s why malware attacks tend to only reach a few hundred or thousand devices. Of course, some serious bugs like Heartbleed and Stagefright do pose risks to more devices.

Naturally, Android device owners would much rather have a system that is 100-percent safe. Google is working with device partners and carriers to ensure updates, especially security patches, are delivered at a speedy rate. Things just don’t always go as planned.

Android’s rival iOS isn’t completely off the hook when it comes to vulnerabilities, either. The most recent panic in China happened only a week ago, when an old video player returned and took over iPhones. A week before that, Chinese developers Baidu and Tencent were both caught using a faulty version of Xcode, infecting iPhone owners in China with malware.

However, the main difference is that Apple can immediately shore up the vulnerability on every iPhone that supports the latest version of iOS (which is the vast majority of iPhones) with a software update. Google isn’t able to do that because it’s phones are made by third-party manufacturers, whose own User Interfaces often slow down the update process, and the carriers who support these phones dictate when updates pass to individual phones.

David Curry
Former Digital Trends Contributor
David has been writing about technology for several years, following the latest trends and covering the largest events. He is…
When will my phone get Android 15? Here’s everything we know
The Android 15 logo on a smartphone.

Google has announced and shown off Android 15, which is the next major version of its mobile operating system. The development and release cycle of Android typically has a three-phase strategy, and that applies to Android 15 as well.

The first phase is always the Developer Preview phase, which happened earlier this year. It’s then followed by the more public Beta testing phase, and then the final, stable version comes out for everyone.

Read more
Security experts just found a massive flaw with Google Pixel phones
A person holding the Google Pixel 8 Pro.

Google is patching a serious firmware-level vulnerability that has been present on millions of Pixel smartphones sold worldwide since 2017. “Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update,” the company told The Washington Post.

The issue at heart is an application package called Showcase.apk, which is an element of Android firmware that has access to multiple system privileges. Ordinarily, an average smartphone user can’t enable or directly interact with it, but iVerify’s research proved that a bad actor can exploit it to inflict some serious damage.

Read more
Is the Google Pixel 9 waterproof?
The Google Pixel 9 in green, pink, white, and black colors, all laying on a white table.

A whole lot is going on with the new Google phones. The latest Pixel launch includes four phones, better cameras, a new processor, and a bunch of AI features. The new Tensor G4 powers the Google Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL and the Pixel 9 Pro Fold. These phones are built to last long, with seven years of software upgrade promises and Pixel Drop updates.

However, to last that long, a phone needs to be physically capable of being resistant to harmful materials, including water and dust. Both of these can damage your phone, sometimes requiring you to replace a device. That’s why some level of dust and water resistance is important. So do the newest Pixel phones have waterproofing?
Is the Google Pixel 9 waterproof?

Read more