A study from the University of Cambridge has highlighted just how dire the Android security situation is, reporting that 87.7% of all Android devices are "exposed to at least one of 11 known critical vulnerabilities."
The study used data collected through the Device Analyzer app, which has been available on the Google Play Store since 2011. Over 20,000 users opted to give their Android version and build numbers to the researchers daily, which allowed the group to draw some conclusions about how secure the devices were over time.
Each device was placed in one of three categories: "insecure", meaning it wasn't patched against at least one vulnerability; "secure", meaning it was patched against all vulnerabilities; and "maybe secure", indicating the device could have received a backported fix for the security holes.
From the graph of the group's findings, all Android devices became insecure after a critical vulnerability was discovered, with a steady increase in patched devices after each discovery. Android appeared to be the most secure during the early parts of 2013, with consecutive discoveries pushing most devices into the "insecure" category in the years that followed.
As expected, the researchers blamed slow updates for the huge percentage of vulnerable Android devices, saying that some manufacturers simply "fail to provide updates to fix critical vulnerabilities".
The researchers also gave each manufacturer a security rating, with Google's Nexus smartphones scoring the best due to a high proportion of secure devices on the market. The second best manufacturer was LG, followed by Motorola, Samsung, Sony and HTC in that order.
Some popular brands weren't included in the survey, such as Huawei, Xiaomi and Lenovo, though that could be due to the fact that Chinese owners of these handsets couldn't download the Device Analyzer app. Considering these brands aren't known for speedy updates, the true proportion of vulnerable Android devices could be even higher than 88%.