AndroidVulnerabilities.org

Scores out of ten

N.B. These scores have not been updated since 2015

Nexus devices 5.76 (best)
LG 4.53 
Motorola 3.34 
Samsung 2.81 
Sony 2.78 
Asus 2.61 
HTC 2.6 
alps 0.726 
Symphony 0.309 
walton 0.272 (worst)

Calculating the score

We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.

The score has three components:

f
the proportion of devices free from known critical vulnerabilities.
u
the proportion of devices updated to the most recent version.
m
the number of vulnerabilities the manufacturer has not yet fixed on any device.

Further details.

Proportion of devices running vulnerable versions of Android

Proportion of devices affected by critical vulnerabilities

This figure shows our estimate of the proportion of Android devices running insecure, maybe secure and secure versions of Android over time. Further details on how this figure constructed can be found on a separate page.

Device Analyzer logo

Device Analyzer

We have only been able to produce these scores due to the contributions made to Device Analyzer by members of the public. The Device Analyzer app is no longer available, but information about the project is still available from the link above.

If you have information about a vulnerability not listed on this site then you can submit it.

If you have MDM data and want to know which devices used by your organisation are vulnerable then we can help: contact us.

Vulnerabilities and papers

We are collating all critical vulnerabilities in Android and storing this information in a machine readable format (json). The original data set only conidered critical vulnerabilities which an app could exploit. These are vulnerabilities that allow an app (malicious or compromised) to either gain root or gain privileges which can then be used to obtain root. However, we are now including all vulnerabilities marked as critical on Google's Android security bulletins.

Published papers

Press releases

Press coverage

  • ZDNet: Android security a 'market for lemons' that leaves 87 percent vulnerable
  • Arstechnica: University of Cambridge study finds 87% of Android devices are insecure
  • The Register: Android users left at risk... and it's not even THEIR FAULT this time!
  • Silicon Angle: The elephant in the room: Study confirms Android devices vulnerable due to lack of patches
  • Phone arena: Cambridge paper shows that LG is better than other OEMs when it comes to security
  • Digital Journal: 90% of Android devices left exposed to critical vulnerabilities
  • The Sydney Morning Herald: 9-out-of-10 Android phones are insecure, and manufacturers are to blame
  • Digital Trends: "Google-commissioned security report paints a bleak picture of Android" (Note: Google did not commission this report, they funded work on Device Analyzer which we used in this analysis)
  • Silicon Republic: 87pc of Android devices wildly insecure — report
  • Forbes: The Dangerous Vulnerabilities Hiding In The Heart Of Android
  • Gadgets 360: LG Top OEM for Issuing Security Patches to Its Android Devices: Report
  • Android Headlines: AH Primetime: Cambridge University Analyze Android Security Risk
  • Engadget: Most Android phones are vulnerable due to lack of security patches
  • Threatpost: Researchers Find 85 Percent of Android Devices Insecure
  • Guardian: Security is the loser in the holy war between Android and Apple

Contact

Computer Laboratory
University of Cambridge
15 JJ Thompson Avenue
Cambridge CB3 0FD
contact@androidvulnerabilities.org