After looking for known security vulnerabilities in 20,000 Android devices, Cambridge researchers Daniel Thomas, Alastair Beresford, and Andrew Rice found that about 87% of all Android smartphones are currently exposed to at least one known security bug.
After Stagefright was uncovered, the breadth of the exploits initiated a security-minded campaign among Android smartphone makers. Spearheaded by Google, who was the first to promise monthly Android security updates, the initiative was since adopted by major phone makers such as Samsung and LG. On the opposite side of the spectrum, HTC found that while the desire to improve the security of Android smartphones is admirable, monthly security are not a viable solution, pointing out to wireless carriers as the main bottleneck.
At the rate exploits are being uncovered in the Android ecosystem, timely patches for well-known bugs are crucial to the vulnerability of a device. According to the Cambridge researchers, however, the average Android smartphone only receives 1.26 security updates per year, which is well below the one-per-month ratio that Google and its partners are trying to achieve.
The FUM scores, published at AndroidVulnerabilities.com, unsurprisingly reveals that devices from the Google Nexus family are generally less vulnerable to known exploits. It's the perfect example of how getting Android updates right from Google can help speed up the patching process. Out of the major smartphone makers, companies that actually manufacture their own devices, LG has the best FUM score, followed by Motorola, Samsung, Sony, HTC, and ASUS.