More than 2.5 billion smartphones are running either stock Android or some fork of Android. However, this also makes Android OS more vulnerable and one of the biggest targets of hackers.
A report from TheBestVPN notes that Android was the most vulnerable operating system (OS) in 2019. For the report, researchers crunched numbers from the National Vulnerability Database of the National Institute of Standards and Technology. Android topped the database with 414 vulnerabilities discovered in 2019.
However, other platforms weren’t too far away. Debian Linux was the second most vulnerable OS with 360 vulnerabilities discovered last year, followed by Windows Server 2016 and Windows 10 grabbing third and fourth positions respectively.
What’s more interesting in the report is that Linux dethroned Android when it came to the most vulnerable OS since 1999. Debian Linux counted 3067 vulnerabilities, while Android OS saw 2563 vulnerabilities since 1999.
Android is still safe
While the numbers appear daunting, they are nothing to be scared of. As Google tells Fast Company, the number of security issues fixed does not equate to how secure the platform is.
Meanwhile, Android is bound to have vulnerabilities, given its open-source nature.
“This is actually a result of the openness of the Android ecosystem working as intended.” a Google spokesperson told Fast Company.
The report notes that the number of vulnerabilities in Android has, in fact, gone down over the years. The smartphone OS faced 525 vulnerabilities back in 2018 and a whooping 843 vulnerabilities the year before.
Who’s to blame?
In the report, security researchers write that the pre-installed third-party applications in Android could be one big reason.
Back in January, over 50 privacy advocacy groups wrote an open letter to Google about the dangers of pre-installed applications, since these applications don’t go through the same screening process as other Play Store applications.
But apps are not entirely to blame; vulnerabilities also arise from the device maker’s end. For instance, Samsung recently introduced new security bugs when trying to make changes in Samsung Galaxy A50’s Android kernel.
In the end, it boils down to whether the smartphone is regularly receiving security updates. A recent report notes that more than a billion Android devices are at risk as they are running Android versions that no longer receive security updates.