An American security firm has released a report suggesting that, at least when it comes to security, Samsung’s Android-based devices and Google’s Nexus range have an edge over their competition.
DuoLabs claims that the majority of Android devices are at risk, due to a combination of lax-patching practices and a vulnerability tied to Qualcomm processors.
While the vulnerability itself was addressed in an Android software update released in May, many manufacturers and carriers have yet to roll out the fix.
“Of the Qualcomm-based phones seen by Duo, only 25% have applied the January 2016 (or later) monthly security update, leaving 60% of all Android phones vulnerable,” the report said.
Samsung and Nexus devices emerged as frontrunners, with both manufacturers committing to monthly patching practices after last year’s Stagefright vulnerability.
“With 75% of Galaxy S6s up-to-date, Duo Labs puts it up on the same pedestal as the Nexus series, which were also around 75% patched. Improvement in the security posture of the Galaxy S6 has a substantial impact on overall results, as it dominates our dataset of over 500,000 phones,” the report said.
DuoLabs also found that 27% of Android phones were actually too old to receive monthly updates, leaving users permanently at risk.
We reached out to DuoLabs for comment and spoke to Kyle Lady.
He who asserted that “there are still vulnerable phones sitting on retail shelves” and pegged the number of Android users unable to receive security updates at roughly 378 million.
He also noted that “It’s hard to know whether, once a monthly update is published to carriers, the carriers push it out.”
“As such, we can’t prove easily prove that the manufacturers have been the source of the delay/existence of monthly patches.”
A similar report by the The University of Cambridge issued last year found 88% of Android devices (of the 20,000 surveyed) had not been patched against one or more critical vulnerabilities.
