Android users who do not upgrade their operating systems when new versions become available jeopardize the security of their devices, according to new research from Web security firm Duo Security. That lag in upgrades means that almost half of all Android devices have vulnerabilities that could be exploited by a hacker to assume control of the device.
Duo Security launched a free vulnerability scanning app for Android, X-Ray, last summer, and the preliminary data it collected revealed this troubling trend.
Android users tend to have outdated operating platforms because Android – which has the largest market share of any mobile platform – does not have a uniform timeframe for pushing out updates to its operating system, complete with security upgrades and patches. Instead, each carrier is responsible for pushing the updates out, each does so on its own timeline and users aren’t required to install the updates. Apple, on the other hand, pushes out updates of its iOS to all users at the same time, regardless of their carrier.
Duo Security’s X-Ray app scans Android devices for known vulnerabilities; attackers have targeted Android devices with malicious apps and other exploits for known vulnerabilities for several years.
“Since we launched X-Ray, we’ve already collected results from over 20,000 Android devices worldwide. Based on these initial results, we estimate that over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary,” Jon Oberheide of Duo Security wrote in a blog post about the research results.
Oberheide went on to say that the 50 percent figure might be a conservative estimate, and that the research underscores the importance of installing updates as soon as they become available.
“As carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users’ mobile devices often remain vulnerable for months and even years,” he wrote.