According to recent research, the majority of Android devices are running security patches that are months old, leaving users vulnerable to attacks. Mobile security company Skycure released the findings of its Q4 2016 Mobile Threat Intelligence Report, revealing that over 70 percent of Android phones lack the latest security patches. The company evaluated Android devices running on the five largest U.S. carriers, including AT&T, Verizon, Sprint, T-Mobile and MetroPCS. “We took a snapshot in the first week of January 2017 and looked for patches that were released across 2016,” explained Skycure in the report. “The most recent security patch was only adopted by a very small percentage of the population, having just been released, but AT&T users were up to 10 times more likely to have this latest patch already installed,” the report noted.
Skycure said that carriers are ultimately responsible for how quickly their users update their devices. The report added that Google’s Android saw a massive surge in identified vulnerabilities in 2016 – with a greater than four times increase over 2015. Nearly half of those flaws allowed excessive privileges, while other vulnerabilities allowed for leaked information, corrupted memory or arbitrary code execution, Skycure said. In a separate report, Google recently acknowledged similar findings, stating that half of all Android devices had not received a security update in the last year. However, as Adrian Ludwig and Mell Miller of Android's Security Team explained in a company blog post, Google has made some continuous improvements to help keep users more secure. "In 2016, we improved our abilities to stop dangerous apps, built new security features into Android 7.0 Nougat, and collaborated with device manufacturers, researchers, and other members of the Android ecosystem," wrote Ludwig and Miller.
"Security updates are regularly highlighted as a pillar of mobile security—and rightly so. We launched our monthly security updates program in 2015, following the public disclosure of a bug in Stagefright, to help accelerate patching security vulnerabilities across devices from many different device makers. This program expanded significantly in 2016," they added.
Meanwhile, the tech giant’s biggest rival Apple states 79 percent of devices are running iOS 10 as of last month.