‘Dirty Dozen’ least secure smartphones – all Android

First, get ready with a pinch of salt, as security companies sounding alarms about security can be self-serving. Vested interest, and all. But Bit9, an enterprise security firm specialising in threats from end-point devices, has released a report analysing the security risks of smartphones – and blames the fact that the ‘Dirty Dozen’ are all Android phones on handset manufacturers being so slow on software updates, and ‘end of lifing’ devices when they’re still current in the market.

Together with the obligatory infographic, Bit9 found that the Top 12 most insecure smartphones were:

Samsung Galaxy Mini
HTC Desire
Sony Ericsson Xperia X10
Sanyo Zio
HTC Wildfire
Samsung Epic 4G
LG Optimus S
Samsung Galaxy S
Motorola Droid X
LG Optimus One
Motorola Droid 2
HTC Evo 4G

iPhone users, stop smirking: Bit9 gave the iPhone 4 and older an ‘honorary 13th place’ for insecurity.

The bottom line of the research is not that Android is insecure – it’s very secure if current – it’s that handset manufacturers are taking a year to 18 months to roll out upgrades, and many popular phones still on the market are not getting updates to Android 2.3.3. On average, handset manufacturers push out updates within six months of Google releasing a new version of Android – with Motorola being the fastest and Samsung the slowest. Blog post here.

Critics of the report may be quick to point out that around half these devices are officially “end of life” – but Bit9 surveyed the top 20 most popular handsets in the US market. This is the nub of the problem – handset manufacturers end-of-life phones after as little as a year to be replaced by newer models, even though they are still very much available for purchase and are still being used. Within a year or so of being end-of-lifed, the phones become ‘obsolete’ with few or no software updates – or roughly the time the average two-year contract ends.

Add to this the insecure nature of the Android Market, which according to Juniper Networks saw a five-fold increase in malware and booby-trapped apps between July and November (472%).

Google’s open source programme manager, Chris DiBona, wasted no time in coming back with a rant accusing security software companies of being “charlatans and scammers”, and claiming that mobile phone malware rarely or never leads to “a virus problem”.

This may be somewhat true – but this is not the main security issue for mobile phone users – it’s malware that leaks private information via dodgy apps, or triggers downloads or other connections that cost the user money.

Roger Hislop

