A report from mobile defense specialists Skycure has identified that 71 percent of Android users have security patches that are at least two months out of date, leaving them at risk of data breaches and malware.
The study analyzed patch updates from the leading five wireless mobile carriers in the US: AT&T, MetroPCS, Sprint, T-Mobile, and Verizon. Unlike Apple, which has a “rapid adoption” of security updates due to their tightly integrated software, hardware, and distribution mechanism, Google’s Android phones support multiple different hardware platforms and components, with phones made by many different companies. Each carrier must then create their compatible version of Google’s monthly security patches, resulting in the adoption of the latest patches taking two months on average. Six percent of users have patches that are six months old or more.
While security patches lag, more malware is developed and more exploits will be discovered, leaving the majority of users at risk of attack by malicious software. In fact, the amount of known Android vulnerabilities in 2016 was more than four times the number of 2015. Around 50 percent of these exploits related to excessive privileges granted to applications; others discovered include memory corruption and arbitrary code execution.
Regarding carrier differences, Skycure reported that AT&T users were ten times more likely than anyone else to have the most recent Google security update installed. On the other end of the scale, phones using MetroPCS had the highest percentage of devices with security patches dating back three months or more.
“Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful,” says Yair Amit, Co-founder and CTO of Skycure. “It’s essential that users and companies know the moment that a device is able to remove these risks to reduce the window of vulnerability. That’s why we built this capability directly into Skycure and why we have a focus so heavily on security research. The only way to beat the bad guys is to be one step ahead of them.”