While Google provides patches for Android, there are currently around 60,000 unique Android models in the wild. Android device makers generally target the most popular devices for patching - such as Samsung's Galaxy line, and LG's flagships. Still, the vast majority of models never receive a security or operating system update.
Duo Labs' Anise told CSO Australia in an email that its report included Nexus devices and that it defined eligible phones in line with Google's Android patch support, covering Android 4.4.4 and higher. It did exclude phones between version 4.4 and prior to 4.4.4, even though the devices can technically be upgraded to a supported level.
And it does appear that Huawei's Nexus 6P influenced Duo Security's results, providing more evidence that Google's patching of Nexus devices are more effective than devices controlled by Android partners.
"The majority of the Huawei devices that we saw in our dataset were Nexus 6Ps, but the other devices that were eligible were the Ascend Mate 2, 'Angler' Nexus, and G7," said Anise.
Google stepped up its patching efforts in mid-2015 after security researcher Joshua Drake reported the first of a series of critical bugs in the Android Stagefright library, which processes media files. Around 95 percent of Android devices were vulnerable to the first Stagefright bugs.
According to a recent Bloomberg report, Google was considering naming and shaming Android partners that don't deliver its security updates to devices. The company's head of Android admitted patching was the weakest link in Android security. Bloomberg sources said Google's discussions about patching were trickier with carriers than handset makers.
Source : CSO Australia
Sign up for Computerworld eNewsletters.