Consumers, regulators, and corporate buyers face a common problem
when assessing Android smartphones, in that no one knows which
vendor will supply patches after Google develops fixes for Android
“The difficulty is that the market for Android security today is
like the market for lemons,” Cambridge researchers Daniel Thomas,
Alastair Beresford, and Andrew Rice note in a new paper.
“There is information asymmetry between the manufacturer, who
knows whether the device is currently secure and will receive
security updates, and the customer, who does not.”
Their analysis of data collected from over 20,000 Android
devices with the Device Analyzer app installed found that 87
percent of Android devices were vulnerable to at least one of 11
bugs in the public domain in the past five years, including the
recently discovered TowelRoot issue, which Cyanogen fixed last
year, and FakeID.
Looks like March and April 2013 were the high-water mark for Android security.