Gal Beniamini, a leading security expert and a member of Qualcomm’s Product Security Hall of Fame, has reportedly advised customers to buy only Nexus or Samsung devices. This is because nearly 57 percent of smartphones in the Android ecosystem have not yet received the monthly security patch released in May, which is essential to fix a serious security vulnerability affecting all devices. Hence, the majority of Android devices are vulnerable to the exploit, which affects not only the device but also the privacy of the user.
As Duo Labs recently reported, security patches are not being rolled out to the majority of devices in a timely manner, despite efforts by Google, manufacturers, the FTC and the FCC.
Google released a patch to address a security vulnerability (CVE-2015-6639) in January 2016. This update was made immediately available to Nexus devices. However, Gal recently discovered another attack, which affects full disk encryption on devices.
By exploiting CVE-2016-2431, an attacker can move through the levels of trust and privilege, which enables them to access secret material. Even though Google addressed the issue in the May security update, manufacturers have been reluctant to release timely updates for their devices, with the exception of Nexus and Samsung Galaxy.
Both the Galaxy S6 and the Nexus series have patched their devices up to 75 percent, which is significant because of a large user base of 5,00,000 phones. The Galaxy S5, meanwhile, has also climbed to 45 percent from the previous 0.2 percent in January. According to sources inside Duo Labs, the current trend of rolling out periodic security updates at a rapid rate is impressive.
During Duo Labs' testing of a wide range of smartphones, only Nexus and Samsung Galaxy devices demonstrated substantially enhanced security measures compared to competing devices. Hence, researchers like Beniamini are unable to recommend brands other than Nexus and the latest Samsung Galaxy devices from a security perspective.
While researchers recommended Nexus devices without any significant reservations, Samsung devices have also been getting regular security updates of late and can be trusted. That being said, Duo Labs has suggested that users approach manufacturers to request the release of patches, which is not feasible. By default, manufacturers should automatically monitor the security situation and release regular updates.