Statistics provided by Duo Security show that despite Google’s sustained efforts to improve the security of the Android OS over the last nine months, a vast majority of devices are still running older OS versions with an outdated security patch level.
Duo says that out of all the Android devices on the market, 32 percent are unpatchable at a software level because they run extremely old OS versions.
For the rest of the devices, Duo says that more than half, 51 percent, are still running Android OS versions without the latest security patches installed. This means that of all devices, only 17 percent are running an OS version hardened and protected against exploits.
Duo says that based on its data, 3 out of 10 Android devices are vulnerable to 24 critical vulnerabilities that Google has patched since the start of the year.
This delay in applying critical security patches can justifiably be attributed to OEMs, who take their time integrating Google’s fixes into their custom Android OS implementations.
Huawei leads the pack in terms of Android security
Duo says that the most diligent OEM is Huawei, which has updated 77 percent of all of its devices to the latest Android security patch.
Based on the number of sold devices, Huawei ranks fifth among OEMs, after Samsung, LGE, Motorola, and HTC, showing that big profits don’t necessarily mean better security practices.
Based on Duo’s charts, seen below, Samsung, whose devices have a 60+ percent market share, is outperformed in terms of security patches by both LGE and Motorola.
“Manufacturers and carriers alike should work to bring automatic updates to their customers,” Duo’s Olabode Anise says. “By doing so, they would alleviate the burden customers and IT administrators have of manually applying updates, shorten the window of time attackers have to exploit vulnerabilities after they’ve been disclosed and bring better operating system performance to their user without sacrificing business productivity.”