A lack of timely updates is the primary reason why almost 90% of Android devices are vulnerable to malware attacks, according to a new study from Cambridge University researchers.

The ongoing research, which is partially funded by Google, revealed more Android devices are vulnerable than experts previously believed.

The research disclosed that on average, 87.7% of Android devices are susceptible to at least one of 11 known critical vulnerabilities. These vulnerabilities include the recently discovered TowelRoot exploit issue and the FakeID flaw.

In August, the San Francisco-based Zimperium Mobile Security warned that a flaw in the Android media library Stagefright left 95% of an estimated 950 million Android-based mobile devices susceptible to remote code execution.

The primary reason for these disturbing numbers, according to the Cambridge study, is that a significant number of manufacturers are not releasing periodic updates.

One of the researchers, Alastair R. Beresford, stated in a blog post, "The problem with the lack of updates to Android devices is well known, and recently Google and Samsung have committed to shipping security updates every month."

According to Beresford, devices made by Motorola and LG, and those shipped under the Google Nexus brand, are the most trustworthy among those of all Android device manufacturers.

Additionally, Beresford noted Google has done a commendable job mitigating most of the risks and advised users to only download and install applications from its Play Store. He also emphasized the importance of dispatched ROM software updates.

Although Google sends out guaranteed monthly security bulletins, it is up to the manufacturers to release updates for their devices, and right now, most devices just aren't getting them.

"Our hope is that by quantifying the problem, we can help people when choosing a device and that this in turn will provide an incentive for other manufacturers and operators to deliver updates," Beresford said.

The research gleaned statistics from data collected from more than 21,700 devices using Device Analyzer, an app created by researchers at Cambridge that is available for free from Google's Play Store. The Device Analyzer app sends in data anonymously. 


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).