Official TEKConn Blog

Study exposes security flaws in more than half of Android devices

A new study suggests more than half of the Android devices in use today have known yet unpatched malware vulnerabilities.

A new study suggests more than half of the Android devices in use today have known yet unpatched malware vulnerabilities.

More than half of the Android devices in use today – including smartphones and tablet computers – are vulnerable to dangerous exploits, according to a new report.

The study, conducted by mobile security firm Duo Security, examined more than 20,000 devices operating on different iterations of the Android platform using a tool known as "X-Ray." They were scanned for privilege escalation vulnerabilities that could be exploited using malware. These are known holes in the operating system that have yet to be patched.

"Yes, it's a scary number," Duo Security CEO and co-founder Jon Oberheide wrote in a blog post, "but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc) has performed thus far. We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally."

Bogdan Botezatu, a senior e-threat analyst for antivirus company BitDefender, told IDG News Service that there is a disconnect between the management of traditional and mobile operating systems. While platforms like Windows XP receive support updates for several years, the lifecycle for mobile devices and their software is significantly shorter.

Consequently, less attention is focused on patching existing vulnerabilities than on developing new versions of the system and accompanying hardware. This is why managed IT support is integral in safeguarding a business' IT assets, whether they are company-owned or part of a bring-your-own-device program.

Understanding the threats posed to a platform will help determine the right hardware and software solutions to meet enterprise needs while protecting critical data and operations.