Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Fragmentation-nation: only 1.2% of Android devices use latest OS

According to official figures from Google, Android Nougat 7.0 and 7.1 is currently in use on only 1.2 percent of Android phones.

Nougat is the latest major version of Android, and was released at the end of August 2016, just before iOS 10.

By comparison, Apple's iOS 10 is currently enjoying a 79 percent adoption rate.

That's a three-point increase over the adoption rate recorded at the start of the year, and less than six months since iOS 10 was first released to the public last September.

The most popular versions of Android are Lollipop 5.0/5.1 (with a combined 32.9 percent) and Marshmallow 6.0 (30.7 percent). For comparison, Lollipop came out in November 2014 and Marshmallow in October 2015.

The reason iOS 10's adoption rate is thought to be higher is that Apple makes its own hardware, and doesn't allow anyone else to manufacture phones that run the iOS operating system.

This makes the process of keeping iOS devices updated with the latest security patches a far simpler process, as it can just push out updates to phones the minute they are available.

Google however, sought to have the most used mobile operating system in the world, so it allowed anyone to create an Android phone without forcing manufacturers to keep the phones updated with the latest security patches.

Another issue is the vast array of Android devices which are available on the market; this level of fragmentation inevitably leaves Android devices open to security vulnerabilities which the owner might not be able to patch.

It is such a problem that Android fragmentation has been described as the reason Android devices are turning into “toxic hellstew of vulnerabilities.”

Thomas Fischer, threat researcher at Digital Guardian told SC Media UK: From a security standpoint, Google has publicly announced multiple times that it will no longer provide patches for security flaws in the older versions of Android. For the end user, this means that when a vulnerability is discovered, it won't be fixed. Devices running older OS are therefore left open to a range of attacks. For example, it could be possible to spy on the device or use man in the middle attacks on applications and web sessions. Attackers could gather passwords, personal bank information, company data, emails – in fact, almost anything stored on the device could be at risk.”


Fischer added: Other in-built device functions could also be compromised. For example there have already been reports of device cameras and microphones being used to snoop on the owners of the device. The lack of upgradability also poses problems for businesses using Android based devices. It means that not only do they need to be able to manage multiple versions of the OS and ensure that their security policies are compatible, but also any business apps running on these devices could be vulnerable. The only alternative would be to run a rather aggressive program of replacing all devices.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.