Skip to main content

Google-commissioned security report paints a bleak picture of Android

The lack of fast updates across the Android ecosystem means that more than 80 percent of device owners are at risk to at least one critical vulnerability. That’s according to a study from the University of Cambridge, which was partially funded by Google.

The study shows that while Google can make the latest version of Android safe from all vulnerabilities, its inability to get the updates out to every Android phone in a timely fashion makes most of the ecosystem unsafe. Even being one or two patches behind could put smartphone owners at risk of vulnerabilities like Stagefright, which is capable of taking over devices and infecting them with malware.

android-device-security
Image used with permission by copyright holder

In the study, each mobile vendor was graded based on security with scores from 1 to 10. Nexus devices ranked the highest at 5.2, followed by LG at 4.0, and Motorola at 3.1. Samsung came in fourth at 2.1, followed by Sony, and finally, HTC.

Recommended Videos

Samsung and LG both confirmed plans to stick on course with Google’s monthly updates, but HTC claimed that goal was unrealistic due to carrier testing. AT&T and Verizon Wireless have both been accused of routinely pausing updates, and blocking certain features like Google Wallet on Android devices.

Having a phone that’s vulnerable to attack might sound terrifying, but most critical vulnerabilities can only be exploited if the user downloads or clicks on something that is laced with malware. That’s why malware attacks tend to only reach a few hundred or thousand devices. Of course, some serious bugs like Heartbleed and Stagefright do pose risks to more devices.

Naturally, Android device owners would much rather have a system that is 100-percent safe. Google is working with device partners and carriers to ensure updates, especially security patches, are delivered at a speedy rate. Things just don’t always go as planned.

Android’s rival iOS isn’t completely off the hook when it comes to vulnerabilities, either. The most recent panic in China happened only a week ago, when an old video player returned and took over iPhones. A week before that, Chinese developers Baidu and Tencent were both caught using a faulty version of Xcode, infecting iPhone owners in China with malware.

However, the main difference is that Apple can immediately shore up the vulnerability on every iPhone that supports the latest version of iOS (which is the vast majority of iPhones) with a software update. Google isn’t able to do that because it’s phones are made by third-party manufacturers, whose own User Interfaces often slow down the update process, and the carriers who support these phones dictate when updates pass to individual phones.

David Curry
Former Contributor
David has been writing about technology for several years, following the latest trends and covering the largest events. He is…
Google is putting Gemini on your wrist and more screens around you
Google Gemin on a smartwatch.

Google has just announced that the Gemini AI stack is coming to your Wear OS smartwatch, and a bunch of other screens in your life, such as your car’s infotainment dashboard and smart TV. With the move, the company is bringing down the curtain on Google Assistant across its device ecosystem. 

Gemini is already a part of the core Android experience, deeply integrated across the Workspace ecosystem of apps and even third-party platforms such as WhatsApp and Spotify. With Gemini making its way to Wear OS, Android Auto, and TV, users will have a more seamless experience and a wider variety of screens to get work done.

Read more
Google’s latest Android tools will protect you from a wider range of scams
Scam alert on Android phones.

Over the past few years, Google has released a host of safeguards for calls, messages, and web browsing that increasingly use AI to protect smartphone users from scams. Ahead of the I/O 2025 developers conference, Google has now detailed the next wave of safety features coming to Android devices this year. 

Bad actors often trick users into disabling the built-in safeguards, such as Google Play Protect, sideloading malware apps, and enabling permissions that allow data theft. Google says the next-gen safety features in Android will aim to negate these attacks. 

Read more
From Android 1.0 to Android 16: How Google’s mobile OS has evolved since 2008
Android 16 logo on Google Pixel 6a kept on the edge of a table.

Google I/O 2025 will be livestreaming next week, and software developers from Google are expected to unveil Android 16, which is slated to come out before the summer. The upcoming Android software update is expected to bring a host of new features as well as some returning mechanics from a decade ago.

To hold our excitement for the upcoming conference over, we're going to take a stroll down memory lane with a complete history of Android, from its humble beginnings as a T-Mobile-exclusive mobile tech to an AI-advanced software to grace contemporary smartphones like Google Pixel 9 and Samsung Galaxy S25. Android has come a long way since 2008, and it has a long way to go to be the best mobile software for everyone. That being said, here's a full timeline of Android's evolution.

Read more