Thursday 8th October 2015

87% of Android devices insecure

Manufacturers fail to provide security updates

A new study by researchers at the University of Cambridge has shown that 87% of Android devices are vulnerable to attack by malicious apps and messages. Manufacturers are to blame, because most do not provide regular security updates. Some manufacturers are much better than others however, and the study shows that devices built by LG and Motorola, as well as those devices shipped under the Google Nexus brand are much better than most. Users, corporate buyers and regulators can find further details on manufacturer performance at

The study uses data collected by the team's Device Analyzer app, which is available from the Google Play Store. "The app collects data from volunteers around the globe and provides us with the statistical data we need" said Daniel Thomas, lead author of the study, "we have used data from over 20,000 devices to support our results, but we're keen to recruit more contributors." The full results of the study will be presented on Monday 12th October at the Workshop on Security and Privacy in Smartphones and Mobile Devices.

"The security community has been worried about the lack of security updates for Android devices for some time," said Dr Rice, "Our hope is that by quantifying the problem we can help people when choosing a phone and that this in turn will provide an incentive for manufacturers and operators to deliver updates."

"Google has done a good job at mitigating many of the risks," said Dr Beresford "and we recommend users only install apps from Google's Play Store since it performs additional safety checks on apps. Unfortunately Google can only do so much, and recent Android security problems have shown that this is not enough to protect users. Phones require updates from manufacturers, and the majority of devices aren't getting them."

For further information, contact:

We give permission for the graphics in on the website and in the paper to be republished.