Proportion of devices running vulnerable versions of Android
We are collating all the root equivalent vulnerabilities in Android and storing all the information about them in a machine reable format (json) with references for each fact. This allows for analysis of what proportion of Android devices are vulnerable to different vulerabilities by using the Device Analyzer data. It should also allow us to compare different manufacturers and network operators in terms of the time it takes them to supply updates to customers. This work is being coordinated by Daniel Thomas.
At the moment we are only tracking 'root equivalent vulnerabilities' which an application could exploit. This means vulnerabilities which allow an application (malicious or compromised) to either directly gain root or gain privlieges which can then be used to obtain root.