The weaknesses and Android security problems have been known over the years. Google and the community has tried to correct them and resolve, ensuring that Android is again safe.
But one question always remains in the air after announced the arrival of one of these solutions. Is always to know how many devices actually receive these security fixes?
A study by the University of Cambridge has now revealed that 87% of Android smartphones are unsecured and are vulnerable to security problems.
The numbers that this study found are scary and taste good of general problem that has affected Android over the years. With so many versions exist and no investment of updates to manufacturers for these devices this is a reality that would be expected.
Although arise solutions to problems that arise they are not applied in devices that are in use , leaving them vulnerable and exposed to problems.
This study showed exactly that and its creators reinforce this point of failure in the Android ecosystem, which is something that for years the Google tries to fix.
The difficulty is que the market for Android security today is like the market for lemons.
There is information asymmetry between the manufacturer, who knows Whether the device is Currently secure and will receive security updates, and the customer, who does not.
The problem is that even after several Google’s attempts to create rules for your operating system and updates they end up not happening.
This analysis, which culminated with the results of the study has been done on more than 20 thousand Android devices that run the application Device Analyzer, which collects various information about the equipment.
Altogether 87% of the evaluated devices are vulnerable to at least one of 11 serious vulnerabilities found on Android in the last five years .
A list of these vulnerabilities can be seen below:
- KillingInTheNameOf psneuter ashmem, 2010-07-13
- exploid udev, 2010-07- 15
- Levitator, 2011-03-10
- Gingerbreak, 2011-04-18
- zergRush, 2011-10-06
- APK duplicate file, 02/18/2013
- APK unchecked name, 30/06/2013
- APK unsigned shorts, 03/07/2013
- Fake ID , 04/17/2014
- TowelRoot, 03/05/2014
- ObjectInputStream deserializable, 06/22/2014
- Stagefright, 08/04/2015
- Stagefright2, 08/15/2015
It was also proven that Android devices receive annually, on average, only 1.26 update, which is clearly not face to the many problems that have arisen and which require intervention by manufacturers.
This study, which was partly sponsored by Google itself is intended to alert consumers to the importance of choosing a brand that guarantees the necessary periodic security updates and has a good track record of updates to the latest versions of Android, regardless of age of the devices.
The security community Has Been worried about the lack of security updates for Android devices for some team.
Our hope is que by quantifying the problem, we can help people When choosing a phone and que this in turn will Provide an incentive for manufacturers and operators to deliver updates.
To support study its creators launched a website where they present not only your conclusions, but also a ranking of the brands that more are adapted to respond to equipment upgrades needs to sell.
List of Top 10 brands with updates
Google Nexus | 5.2 (better) |
LG | 4.0 |
Motorola | 3.1 |
Samsung | 2.7 |
Sony | 2.5 |
HTC | 2.5 |
Asus | 2.4 |
Alps | 0.7 |
Symphony | 0.3 |
Walton | 0.3 (worst) |
This list turns out to be quite matches reality we know and shows that Google turns out to be the brand that more updating their equipment.
The values that have served for the ranking are based on three factors that form the FUM, which can be seen at AndroidVulnerabilities.org.
Even with all the awareness made by Google to brands, the result of recent vulnerabilities, they end up not keeping up with the needs of users with comes to providing security updates.
When extending these updates, or simply do not throw, manufacturers continue to leave the unprotected and exposed users, further increasing the gap compared to other ecosystems.
The findings and data that this study points reveal a reality that all unfortunately know, but that probably was not such a high dimension.
AndroidVulnerabilities.org
No comments:
Post a Comment