Android models dominate 'Dirty Dozen' list of unsafe smartphones

Android can boast of its strength in numbers since topping its Apple competitors in smartphone sales back in March, but a recent study is bound to serve the OS's developers a little humility.

The 'Dirty Dozen' list of the market's most unsafe smartphones consists solely of Android models. Researchers at Bit9 have convicted 12 such devices of posing the highest privacy and security risks to their users.

Here's how the troubled Android models stack up:

1. Samsung Galaxy Mini
2. HTC Desire
3. Sony Ericsson Xperia X10
4. Sanyo Zio
5. HTC Wildfire
6. Samsung Epic 4G
7. LG Optimus S
8. Samsung Galaxy S
9. Motorola Droid X
10. LG Optimus One
11. Motorola Droid 2
12. HTC Evo 4

The study weighs three major factors that pertain to smartphone safety: market share, out-of-date software and the time it takes to receive updates. Despite a dominating market presence, Android's struggle with the latter two seemed to shock the researchers just as much as it's sure to astonish the millions of Android users.

"What was surprising for us was really the extent of the chaos and the fragmentation that exists in the Android ecosystem itself, and the way that the Android smartphones are distributed and more importantly, the way that security updates are done," shares Bit9 CTO Harry Sverdlove in a PC World story.

Researchers found nearly 60 per cent of Android phones currently run on out-of-date versions of the popular operating system, increasing the risk of leaving personal and business data accessible to hackers. And while the study's researchers were taken aback, not all were shocked to hear of Android's security woes.

"Given the ongoing malware threat to the Android platform, it comes as no real surprise to learn that phones running the OS make up every spot on the list of the twelve most vulnerable devices," explains Kerry Butters in a Tech Watch story, alluding to the rapid growth in mobile malware since July.

Making matters worse is the disturbing state of some Android phones straight out of the box. In a few cases, researchers encountered brand new devices running software as much as 300 days old.

"If there are vulnerabilities and you're sitting on a phone that hasn't been updated for six months, that's an eternity for a hacker," reveals Sverdlove. "All that time, you're that much more at risk of being infected, of having your personal information stolen, of becoming a victim to some sort of malicious activity."

Sverdlove explains that vulnerabilities exist in all software, and the existence of a bug or two is not what spawned Android's 'dirty dozen.'

"Apple and its iOS has as many vulnerabilities in terms of what's been reported as does Android," says Sverdlove. "The challenge isn't so much to create perfect software, but to know the vulnerabilities and, more importantly, to be able to update the software, to be able to respond to them quickly."

Apple's advantage lies in its ability to push software updates to all of its mobile devices simultaneously. Android users, on the other hand, must rely on smartphone manufacturers and mobile carriers to push software updates.

"Of the top three Android manufacturers--Samsung, HTC, Motorola--Samsung is the worst offender by far, then HTC, then Motorola," revealed Sverdlove in an interview with Information Week. "So Motorola, for what it's worth, was the best at maintaining their updates."

Sverdlove believes changes must be made to the entire ecosystem in order to strengthen the security of the Android platform.

"The manufacturers and carriers have to start relinquishing control of the operating system to the software vendors," he explains. "There's too many cooks in the kitchen. It's like buying a PC from Dell and expecting Dell and Comcast to be responsible for your Windows updates."
