Google-commissioned security report paints a bleak picture of Android

The lack of fast updates across the Android ecosystem means that more than 80 percent of device owners are at risk from at least one critical vulnerability. That’s according to a study from the University of Cambridge, which was partially funded by Google.

The study shows that while Google can make the latest version of Android safe from all vulnerabilities, its inability to get the updates out to every Android phone in a timely fashion makes most of the ecosystem unsafe. Even being one or two patches behind could put smartphone owners at risk of vulnerabilities like Stagefright, which is capable of taking over devices and infecting them with malware.


In the study, each mobile vendor was graded based on security with scores from 1 to 10. Nexus devices ranked the highest at 5.2, followed by LG at 4.0, and Motorola at 3.1. Samsung came in fourth at 2.1, followed by Sony, and finally, HTC.

Samsung and LG both confirmed plans to stay on course with Google’s monthly updates, but HTC claimed that goal was unrealistic due to carrier testing. AT&T and Verizon Wireless have both been accused of routinely pausing updates and blocking certain features like Google Wallet on Android devices.

Having a phone that’s vulnerable to attack might sound terrifying, but most critical vulnerabilities can only be exploited if the user downloads or clicks on something that is laced with malware. That’s why malware attacks tend to only reach a few hundred or thousand devices. Of course, some serious bugs like Heartbleed and Stagefright do pose risks to more devices.

Naturally, Android device owners would much rather have a system that is 100-percent safe. Google is working with device partners and carriers to ensure updates, especially security patches, are delivered at a speedy rate. Things just don’t always go as planned.

Android’s rival iOS isn’t completely off the hook when it comes to vulnerabilities, either. The most recent panic in China happened only a week ago, when an old video player returned and took over iPhones. A week before that, Chinese developers Baidu and Tencent were both caught using a faulty version of Xcode, infecting iPhone owners in China with malware.

However, the main difference is that Apple can immediately shore up the vulnerability on every iPhone that supports the latest version of iOS (which is the vast majority of iPhones) with a software update. Google isn’t able to do that because its phones are made by third-party manufacturers, whose own user interfaces often slow down the update process, and the carriers that support these phones dictate when updates reach individual phones.

David Curry
Former Digital Trends Contributor
David has been writing about technology for several years, following the latest trends and covering the largest events. He is…