Scores out of ten

Nexus devices 5.76 (best)
LG 4.53 
Motorola 3.34 
Samsung 2.81 
Sony 2.78 
Asus 2.61 
HTC 2.6 
alps 0.726 
Symphony 0.309 
walton 0.272 (worst)

Calculating the score

We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.

The score has three components:

the proportion of devices free from known critical vulnerabilities.
the proportion of devices updated to the most recent version.
the number of vulnerabilities the manufacturer has not yet fixed on any device.

Further details.

Proportion of devices running vulnerable versions of Android

Proportion of devices affected by critical vulnerabilities

This figure shows our estimate of the proportion of Android devices running insecure, maybe secure and secure versions of Android over time. Further details on how this figure constructed can be found on a separate page.

Help us, install Device Analyzer

We are only able to produce these scores due to the contributions made to Device Analyzer by members of the public. If you have an Android device you can install the Device Analyzer app and provide researchers with additional data on which devices are secure. Device Analyzer follows best practices in privacy preservation.

If you have information about a vulnerability not listed on this site then you can submit it.

If you have MDM data and want to know which devices used by your organisation are vulnerable then we can help: contact us.

Vulnerabilities and papers

We are collating all critical vulnerabilities in Android and storing this information in a machine readable format (json). We are only tracking critical vulnerabilities which an app could exploit. These are vulnerabilities that allow an app (malicious or compromised) to either gain root or gain privileges which can then be used to obtain root.

Published papers

Press releases

Press coverage

  • ZDNet: Android security a 'market for lemons' that leaves 87 percent vulnerable
  • Arstechnica: University of Cambridge study finds 87% of Android devices are insecure
  • The Register: Android users left at risk... and it's not even THEIR FAULT this time!
  • Silicon Angle: The elephant in the room: Study confirms Android devices vulnerable due to lack of patches
  • Phone arena: Cambridge paper shows that LG is better than other OEMs when it comes to security
  • Digital Journal: 90% of Android devices left exposed to critical vulnerabilities
  • The Sydney Morning Herald: 9-out-of-10 Android phones are insecure, and manufacturers are to blame
  • Digital Trends: "Google-commissioned security report paints a bleak picture of Android" (Note: Google did not commission this report, they funded work on Device Analyzer which we used in this analysis)
  • Silicon Republic: 87pc of Android devices wildly insecure — report
  • Forbes: The Dangerous Vulnerabilities Hiding In The Heart Of Android
  • Gadgets 360: LG Top OEM for Issuing Security Patches to Its Android Devices: Report
  • Android Headlines: AH Primetime: Cambridge University Analyze Android Security Risk
  • Engadget: Most Android phones are vulnerable due to lack of security patches
  • Threatpost: Researchers Find 85 Percent of Android Devices Insecure
  • Guardian: Security is the loser in the holy war between Android and Apple


Computer Laboratory
University of Cambridge
15 JJ Thompson Avenue
Cambridge CB3 0FD