More than half of Android phones have at least one flaw that could be exploited to take control of the device, research gleaned from a new app finds.
Duo Security, which launched the X-Ray app this summer, came to that conclusion after analyzing the scan results from more than 20,000 Android devices on which X-Ray had been installed.
On Threatpost, the news blog of the anti-virus company Kaspersky Lab, security journalist Dennis Fisher said a big part of the problem stems from the way Android phones are updated.
Since each carrier independently decides when to push an operating system update, Android devices are updated haphazardly, with no uniform interval between security fixes and no specific dates for them.
Duo Security co-founder Jon Oberheide, a well-known Android security expert, said he thought the "over half" estimate was a conservative one, given how ubiquitous the Google phone software has become and the number of different versions in use.
The X-Ray app, which is not available from the official Google Play store and must be downloaded directly from its dedicated website, lets Android owners run a search on their devices for known security flaws. But unlike virus-scanning software, which scans for malicious apps, X-Ray finds known flaws that haven't been patched.
Not only does this app help individuals take responsibility for their phone's security, it gives researchers crowd-sourced data to pore over that they wouldn't have access to otherwise.
"Carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform; users' mobile devices often remain vulnerable for months and even years," Oberheide said.