Nearly 90 percent of Google's Android devices have been exposed to critical vulnerabilities, according a new study.
"Unfortunately something has gone wrong with the provision of security updates in the Android market," according to the study, which researchers from the University of Cambridge presented this week at the 2015 ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices held in Denver.
Three attack vectors were analyzed for the study: Installation, dynamic code loading and injection. The first two involve the installation of malware through malicious applications or software that users download, while the third refers to the injection of malicious code directly into existing code on a device through a website.
Out of 32 known vulnerabilities, the authors selected 11 particularly virulent exploits to conduct their analysis, and found "on average 87.7% of Android devices" were vulnerable. "Using a corpus of 20,400 devices we show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators," the researchers wrote.
However, they noted, "This does not mean these devices are attacked, but that they are vulnerable. The likelihood of a successful attack then depends on what apps the user installs and where from, as well as the computer networks the device is connected to and the actions the user takes whilst connected."