Cambridge paper shows that LG is better than other OEMs when it comes to security

This ratio doesn't come as shocking news in the light of the recent Stagefright exploits, thought to affect nearly all Android smartphones currently at the time of their discovery. However, what's particularly interesting about this paper is that an analysis at the manufacturer level reveals that some companies do a better job at maintaining the cyber security of their smartphones.

After Stagefright was uncovered, the breadth of the exploits initiated a security-minded campaign among Android smartphone makers. Spearheaded by Google, who was the first to promise monthly Android security updates, the initiative was since adopted by major phone makers such as Samsung and LG. On the opposite side of the spectrum, HTC found that while the desire to improve the security of Android smartphones is admirable, monthly security are not a viable solution, pointing out to wireless carriers as the main bottleneck.

At the rate exploits are being uncovered in the Android ecosystem, timely patches for well-known bugs are crucial to the vulnerability of a device. According to the Cambridge researchers, however, the average Android smartphone only receives 1.26 security updates per year, which is well below the one-per-month ratio that Google and its partners are trying to achieve.

Although carriers are often blamed for being very slow to push out updates, it looks like smartphone makers could also improve on their response time. To compare the security levels offered by various smartphone makers, the team of Cambridge researchers came up with an intelligent composite score called FUM. This score has three components: the ratio of devices safe from known critical vulnerabilities, the ratio of devices updated to the most recent Android version, and the number of vulnerabilities that the manufacturer hasn't patched on any device.

The FUM scores, published at AndroidVulnerabilities.com, unsurprisingly reveals that devices from the Google Nexus family are generally less vulnerable to known exploits. It's the perfect example of how getting Android updates right from Google can help speed up the patching process. Out of the major smartphone makers, companies that actually manufacture their own devices, LG has the best FUM score, followed by Motorola, Samsung, Sony, HTC, and ASUS. 

You can browse for more details about known vulnerabilities for each manufacturer, and even contribute to the project by downloading an app that checks your smartphone for known bugs by heading over to the source link below.

source: Security Metrics for the Android Ecosystem