Skip to main content

Google-commissioned security report paints a bleak picture of Android

Android 6.0 Marshmallow.
Image used with permission by copyright holder
The lack of fast updates across the Android ecosystem means that more than 80 percent of device owners are at risk to at least one critical vulnerability. That’s according to a study from the University of Cambridge, which was partially funded by Google.

The study shows that while Google can make the latest version of Android safe from all vulnerabilities, its inability to get the updates out to every Android phone in a timely fashion makes most of the ecosystem unsafe. Even being one or two patches behind could put smartphone owners at risk of vulnerabilities like Stagefright, which is capable of taking over devices and infecting them with malware.

Image used with permission by copyright holder

In the study, each mobile vendor was graded based on security with scores from 1 to 10. Nexus devices ranked the highest at 5.2, followed by LG at 4.0, and Motorola at 3.1. Samsung came in fourth at 2.1, followed by Sony, and finally, HTC.

Samsung and LG both confirmed plans to stick on course with Google’s monthly updates, but HTC claimed that goal was unrealistic due to carrier testing. AT&T and Verizon Wireless have both been accused of routinely pausing updates, and blocking certain features like Google Wallet on Android devices.

Having a phone that’s vulnerable to attack might sound terrifying, but most critical vulnerabilities can only be exploited if the user downloads or clicks on something that is laced with malware. That’s why malware attacks tend to only reach a few hundred or thousand devices. Of course, some serious bugs like Heartbleed and Stagefright do pose risks to more devices.

Naturally, Android device owners would much rather have a system that is 100-percent safe. Google is working with device partners and carriers to ensure updates, especially security patches, are delivered at a speedy rate. Things just don’t always go as planned.

Android’s rival iOS isn’t completely off the hook when it comes to vulnerabilities, either. The most recent panic in China happened only a week ago, when an old video player returned and took over iPhones. A week before that, Chinese developers Baidu and Tencent were both caught using a faulty version of Xcode, infecting iPhone owners in China with malware.

However, the main difference is that Apple can immediately shore up the vulnerability on every iPhone that supports the latest version of iOS (which is the vast majority of iPhones) with a software update. Google isn’t able to do that because it’s phones are made by third-party manufacturers, whose own User Interfaces often slow down the update process, and the carriers who support these phones dictate when updates pass to individual phones.

Editors' Recommendations

David Curry
Former Digital Trends Contributor
David has been writing about technology for several years, following the latest trends and covering the largest events. He is…
Google is killing your passwords, and security experts are (mostly) happy
Logging into a Google account with passkeys on an iPhone.

Google is inching closer to making passwords obsolete. The solution is called "Passkeys," a unique form of password that is stored locally on your phone or PC, just the way a physical security key works. The passkeys are protected behind a layer of authentication, which can be your fingerprint or face scan — or just an on-screen pattern or PIN.

Passkeys are faster, linked across platforms, and save you the hassle of remembering passwords for websites or services that you have subscribed to. There is a smaller scope for human error, and the risks of 2-factor authentication code interception are also reduced.

Read more
I’ve been using Android 14 for months. Here’s why you’re going to love it
Official artwork for Android 14 on a Pixel 7a.

A new generation of Pixel phones is hitting the shelves, and they boast the latest version of Android 14 out of the box. I’ve been testing the latest version of Google’s mobile OS since the first beta builds arrived, and so far, the experience has been pretty smooth sailing.

Surprisingly, Android 14 doesn’t try to reinvent the wheel in terms of user-facing changes. The UI looks identical to Android 13, and there aren’t many changes that would qualify as a must-have reimagination of the phone experience. But there are a few updates that make it worth the brief “wow” journey of digging into a yearly OS upgrade.
Android 14 has a cool trick for your computer

Read more
I abandoned my iPad for an Android tablet and didn’t hate it
A person typing on a keyboard, connected to a Pixel Tablet.

Android tablets aren’t a patch on the Apple iPad, right? I mean, they don’t come close in app compatibility, performance, or versatility — making Android as an operating system good on phones, but disappointing on tablets. That’s the rule, and it’s one I have followed for some time.

At least, that was until I forced myself to live with and use the Google Pixel Tablet just like I do my iPad Pro. Would it change my mind? A bit, yes, but another Android tablet changed it more.
What does my tablet need to do?

Read more