A few months ago, Duo Security released X-Ray, an app that performs a “vulnerability assessment” – scanning for known, yet unpatched, vulnerabilities in Android.
The first results are in, and they suggest that over half of Android users have unpatched vulnerabilities. God, no!
Rather than scanning for malicious apps, X-Ray looks for known problems in the Android platform itself. In the worst case, Duo Security suggests that the vulnerabilities could be used to take “full control” of a user’s phone.
So next time you look at your Android handset, don’t be surprised if you see some guy in China sitting playing Angry Birds and sending dirty texts to your aunt. Er, remotely, of course.
“The stat is based on over 20,000 users who downloaded and ran the X-Ray mobile application on their device, and the current global distribution of Android versions,” yelled Duo Security’s Jon Oberheide in an email to Information Week.
“As carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users’ mobile devices often remain vulnerable for months and even years.”
Amusingly, X-Ray isn’t available from Google Play. It can only be downloaded directly from Duo Security, which entails allowing your device to install non-Google Play apps. Fantastic stuff.