A common complaint among Android users concerns the inability to receive timely device patches and updates from carriers and manufacturers. Various smartphones are released each year with outdated software and in some cases are never updated, leaving users vulnerable to malicious attacks. New research from Duo Security, a startup that has received funding from the United States Department of Defense, found that more than half of all Android smartphones contain unpatched vulnerabilities.
“The stat is based on over 20,000 users who downloaded and ran the X-Ray mobile application on their device, and the current global distribution of Android versions,” said Jon Oberheide, CTO of Duo Security, in an email to InformationWeek.
Rather than scanning for malicious apps installed on the device, the company’s X-Ray program searches for and identifies known vulnerabilities in the mobile platform itself that are unpatched.
“As carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users’ mobile devices often remain vulnerable for months and even years,” Oberheide concluded.