As more companies allow the use of personal devices for work, mobile security is becoming a bigger concern for IT. And recent research has some bad news about the security of popular Android smartphones and tablets:
The majority of Android devices run versions of the operating system that are vulnerable to serious mobile security threats, according to a recent report from mobile security firm Duo Security.
Duo Security is the developer behind X-Ray, a free mobile security app released at this year’s Black Hat conference. X-Ray scans an Android smartphone or tablet to look for a series of known vulnerabilities that may have been left unpatched on the device. If not patched, those vulnerabilities could be exploited by malware to steal data or take control of a device.
The app also reports its findings back to Duo Security. And based on a recent analysis of information from over 20,000 smartphones and tablets, the developer says that more than half of Android devices have unpatched flaws that could make them vulnerable to mobile security attacks.
Even worse, Duo Security says that’s probably a conservative estimate, since people using X-Ray are likely to be more security-conscious than the average smartphone user, and there could be other vulnerabilities that the app does not detect.
BYOD and mobile security
Why do so many Android devices have unpatched mobile security vulnerabilities? According to Duo Security, the problem is two-fold: First, manufacturers and cellular carriers are often slow to push software updates, especially for older devices. And second, users don’t always stay on top of installing updates that are released.
In companies that support BYOD programs and allow Android devices, IT will want to do what it can to fix the latter problem. That could include using mobile device management (MDM) software to push updates, and creating policies requiring a device to run the most recent available version of its operating system.
As for carriers and manufacturers that don’t patch vulnerabilities, Duo Security recommends contacting them to report discovered vulnerabilities and urge them to release updates.