Sitting Ducks: Over Half of All Android Devices Have Unpatched Vulnerabilities

Malware targeting Android users is on a precipitous rise, and what's even scarier is that over half of all Android devices have unpatched vulnerabilities. That's according to Duo Security, a startup with funding from the Defense Advanced Research Projects Agency (DARPA). Duo Security issued its revelation after combing through data collected by its X-Ray app, which performs a "vulnerability assessment" on Android devices by scanning for malicious apps.

"Since we launched X-Ray, we’ve already collected results from over 20,000 Android devices worldwide," Duo Security said. "Based on these initial results, we estimate that over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary."

A portion of the above statement is bolded by Duo Security, not us, for emphasis. The research firm called the statistic a "scary number," and said it underscores both how critically important expedient patching is to mobile security, and "how poorly the industry (carriers, device manufacturers, etc) has performed thus far." What's more, Duo Security says its figure represents a conservative estimate.

Ironically, the X-Ray app isn't available on Google Play; you have to download it from the X-Ray website, which means configuring your Android device to let you install apps from unknown sources. That in and of itself is a potential security risk, depending on the user and his/her level of tech savvy.