Home - Android Vulnerabilities

Scores out of ten

Nexus devices	5.76 (best)
LG	4.53
Motorola	3.34
Samsung	2.81
Sony	2.78
Asus	2.61
HTC	2.6
alps	0.726
Symphony	0.309
walton	0.272 (worst)

Calculating the score

We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.

The score has three components:

f: the proportion of devices free from known critical vulnerabilities.
u: the proportion of devices updated to the most recent version.
m: the number of vulnerabilities the manufacturer has not yet fixed on any device.

Further details.

Help us, install Device Analyzer

We are only able to produce these scores due to the contributions made to Device Analyzer by members of the public. If you have an Android device you can install the Device Analyzer app and provide researchers with additional data on which devices are secure. Device Analyzer follows best practices in privacy preservation.

If you have information about a vulnerability not listed on this site then you can submit it.

If you have MDM data and want to know which devices used by your organisation are vulnerable then we can help: contact us.

Vulnerabilities and papers

We are collating all critical vulnerabilities in Android and storing this information in a machine readable format (json). We are only tracking critical vulnerabilities which an app could exploit. These are vulnerabilities that allow an app (malicious or compromised) to either gain root or gain privileges which can then be used to obtain root.

List of vulnerabilities

Published papers

Security metrics for the Android ecosystem by Daniel R. Thomas, Alastair R. Beresford and Andrew Rice in ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2015
The lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface by Daniel R. Thomas, Alastair R. Beresford, Thomas Coudray, Tom Sutcliffe and Adrian Taylor in the Proceedings of the Security Protocols Workshop 2015

Press releases

Thursday 8th October 2015: 87% of Android devices insecure - Manufacturers fail to provide security updates
Light Blue Touchpaper: 87% of Android devices insecure because manufacturers fail to provide security updates

Press coverage

ZDNet: Android security a 'market for lemons' that leaves 87 percent vulnerable
Arstechnica: University of Cambridge study finds 87% of Android devices are insecure
The Register: Android users left at risk... and it's not even THEIR FAULT this time!
Silicon Angle: The elephant in the room: Study confirms Android devices vulnerable due to lack of patches
Phone arena: Cambridge paper shows that LG is better than other OEMs when it comes to security
Digital Journal: 90% of Android devices left exposed to critical vulnerabilities
The Sydney Morning Herald: 9-out-of-10 Android phones are insecure, and manufacturers are to blame
Digital Trends: "Google-commissioned security report paints a bleak picture of Android" (Note: Google did not commission this report, they funded work on Device Analyzer which we used in this analysis)
Silicon Republic: 87pc of Android devices wildly insecure â€” report
Forbes: The Dangerous Vulnerabilities Hiding In The Heart Of Android
Gadgets 360: LG Top OEM for Issuing Security Patches to Its Android Devices: Report
Android Headlines: AH Primetime: Cambridge University Analyze Android Security Risk
Engadget: Most Android phones are vulnerable due to lack of security patches
Threatpost: Researchers Find 85 Percent of Android Devices Insecure
Guardian: Security is the loser in the holy war between Android and Apple

Nov	DEC	Jan
	02
2015	2016	2017

AndroidVulnerabilities.org