Security researchers describe Android security as a ‘market for lemons’
14 October 2015
New findings show that 87 per cent of Android consumers are left vulnerable by critical flaws and by the failure of both handset providers and customers to apply issued patches.
Researchers from Cambridge University have pointed out that the majority of Android smartphones are left open to at least one critical vulnerability, urging device makers to take action in order to protect owners from older bugs.
In their paper, researchers Daniel Thomas, Alastair Beresford and Andrew Rice said: “The difficulty is that the market for Android security today is like the market for lemons.
“There is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive security updates, and the customer, who does not.”
Using data from over 20,000 Android devices, Thomas, Beresford and Rice found that on average, devices received only 1.26 updates per year despite recent promises of regular patches from Samsung, LG and Google after the appearance of Stagefright.
The study was designed to enable consumers to choose vendors which will supply patches for devices once Google issues them.
“The security of Android depends on the timely delivery of updates to fix critical vulnerabilities,” said the researchers.
“We showed that the bottleneck for the delivery of updates in the Android ecosystem rests with the manufacturers, who fail to provide updates to fix critical vulnerabilities.”
In the study's results, Google, LG and Motorola came top while Samsung, HTC and Asus performed poorly.
The study, which was partially funded by Google, is available to read via Cambridge University’s Computer Labs site.