Security firm Bit9 has pulled together what it calls its "Dirty Dozen" list, putting the Google Android operating system in the spotlight, with claims that an estimated 56 percent of Android phones in the marketplace today are running out-of-date and insecure versions of Android.
According to the Bit9 study published today, smartphone manufacturers Samsung, HTC, Motorola, and LG often launch new phones with outdated software right out of the box, and they are slow to upgrade these phones to the latest and most secure versions of Android. This heightens the risk of malware vulnerabilities or other types of attack, says Harry Svedlove, Bit9's chief technology officer, who notes that details about the "Dirty Dozen" research and its methodology are posted on the company's website for review.
"The value in this is raising awareness about something no one is talking about," Svedlove says, referring to the way wireless service carriers and smartphone manufacturers fail to efficiently handle the process of software updates. "The challenge we had in the Android ecosystem is it's unbelievably fragmented," Svedlove says, adding, "From a security perspective, this ecosystem is broken."
"All operating systems have vulnerabilities," Svedlove points out, but it's how quickly and effectively software gets fixed that matters. Bit9's analysis of the most vulnerable smartphones is based on criteria that include looking at smartphones with the highest market share that were running out-of-date and insecure software and had the slowest update cycles.