Google, today, released its Android Security 2016 Year In Review report outlining its top findings from the past year. And the results make for very interesting reading.
In a nutshell:
Just 3 percent of all Android smartphones run on the latest version of it's operating system
50% of all Android devices received a security update last year
There are atleast 1,500 variations of every version of the Android operating software
Over 100 security researchers made public contributions to Android in 2016, for a total of nearly 1 million dollars in security rewards
In 2016, approximately 380,000 people used Android Device Manager to find their phones each day
There are two ways of looking at the findings. On one hand, it is fantastic news that the percentage of people downloading apps and software outside of Google Play Store has come down a lot. But the fact that just 50 percent of Android devices have received security updates in 2016 is quite shocking.
Although the number goes up to 73% for European phones that received an update for the same period, it is nowhere near where it should be. Add to this the fact that most companies allow workers to bring their own devices to work and most have their work emails on their phones, the situation makes for difficult reading.
BYOD has become very popular with companies trying to streamline costs especially with workers preferring to use their own smartphones. While their loss or theft puts enterprises at substantial risk, it also comes from jail broken or rooted phones. And it isn't just a matter of receiving a patch and applying it.
Phone manufacturers like Samsung, LG and Sony have several different handsets being sold in different countries running different versions of the operating system. Smartphones sold as part of a contract by networks are usually locked to them and are loaded with their own skins before being sold. So for Google to police the Android operating system is very difficult. However, the report also points out some achievements year on year...
By Q4 2016, fewer than 0.71% of devices had Potentially Harmful Applications (PHAs) installed and for devices that exclusively download apps from Google Play, that number was even smaller at 0.05%.
We streamlined our boot-up process to make it easier to install over-the- air (OTA) security updates. To support this faster boot up, we implemented le-based encryption, which also better isolates and protects individual users on a device.
While the updates are impressive, given the scale, they aren't enough to protect against targeted hacking or breach attempts. However, Google also did perform 790 million Android device scans daily in 2016 and as Adrian Ludwig, Google’s director of Android Security told Wired magazine: “We’re proud of the fact that half of devices received an update in 2016, but that’s not sufficient. We think it’s an indication of good progress. It doesn’t mean we’re done.”