“Research from the University of Cambridge has revealed that almost nine out of ten Android devices aren’t protected against major security vulnerabilities. The team of researchers found that 87% of Android smartphones and tablets are vulnerable to at least one of the 11 major Android bugs revealed in the last five years, such as the recently uncovered Stagefright.”
What Adrian had to say:
“When Google prepares an Android software update, it distributes it to manufacturers such as LG and Samsung. These manufacturers then have to apply the changes to their version of Android, and test for device compatibility. More often than not, each Android phone will run a slightly different version of the operating system. A Samsung Note 5 sold via Telstra will have different software than one sold via Vodafone or Optus. After these updates have been completed, they are then sent to the respective telco for testing. After the telco has finished testing it, they will then deploy the update to their customers. The testing process itself can take a number of weeks.”
Because of this, some Android devices never receive software updates, said Adrian Wood, ethical hacker and director of security firm Whitehack.
“The way Android handles updates like security updates is very different to Apple,” Wood told CyberShack when discussing Stagefright earlier in the year. “If an equivalent bug to Stagefright was found on iOS, Apple could just push an update to every iPhone and protect them within 48 hours of it being discovered. Android handles updates slightly differently. The Android source code goes out to manufacturers like Sony, Samsung and LG, and they make tweaks and play around with the code a bit and launch it out on a phone. So when a bug is found, Google can patch the Android source code and push it out to Samsung, but then Samsung has to make it work on their phones.”
“If you’re a person who’s not buying the flagship model of a phone, you can be in a really tricky situation because the support period for Android’s operating system is quite short, especially compared to Apple. You could not go to the store and buy a brand new iPhone that’s out of the support period.”
Read more about it at CyberShack.