Android Security a ‘Market for Lemons’ That Leaves 87 Percent Vulnerable

Liam Tung, reporting for ZDNet:

Consumers, regulators, and corporate buyers face a common problem when assessing Android smartphones, in that no one knows which vendor will supply patches after Google develops fixes for Android security bugs.

“The difficulty is that the market for Android security today is like the market for lemons,” Cambridge researchers Daniel Thomas, Alastair Beresford, and Andrew Rice note in a new paper.

“There is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive security updates, and the customer, who does not.”

Their analysis of data collected from over 20,000 Android devices with the Device Analyzer app installed found that 87 percent of Android devices were vulnerable to at least one of 11 bugs in the public domain in the past five years, including the recently discovered TowelRoot issue, which Cyanogen fixed last year, and FakeID.

Looks like March and April 2013 were the high-water mark for Android security.

Tuesday, 13 October 2015