Vulnerabilities in the tech industry fell drastically over the course of 2019 and Android remains the most susceptible OS around. That’s based on research pooled by TheBestVPN and reported by Pocketnow. For Google’s mobile OS, the number fell by 199 vulnerabilities in 2019. That’s compared to a drop of 240 vulnerabilities from 2017 to 2018.
Those figures, pulled from the CVE Details security database, show a peak of 843 total vulnerabilities for Android in 2017. Prior to that, the number had risen dramatically from 2015 but remained mostly flat in the preceding years.
The cited National Institute of Standards and Technology’s National Vulnerability Database shows Android is presently the most vulnerable tech product around. But both that institute and the CVE Details chart show a marked decline in those vulnerabilities and in the tech industry overall.
What vulnerabilities are still plaguing Android?
The charts compiled by the CVE Details security database do note that Android no longer suffers from two vulnerabilities. Namely, those are XSS and SQL Injection vulnerabilities. Moreover, the remaining vulnerabilities are, as noted above, in decline. Android is still on the hook here as the most vulnerable though. And that’s not without good reason.
In 2019, one of the most commonly reported problems on Android related to apps gaining access to permissions to perform secondary malicious activity. For instance, that might be used to bypass security or access information. But, according to CVE Details, the number of “gain privileges” vulnerabilities in Android is reported as being just one. Vulnerabilities that allowed access to information or to “bypass something” fell in at just 16 and 30, respectively.
The bigger problems for Android, though, came in the form of unwanted code execution and overflow vulnerabilities. The figures listed for those categories were 89 and 34 vulnerabilities, respectively. A total of 35 Denial of Service vulnerabilities were found.
Outside of that research, another recent study showed that as many as a billion Android devices on the market are still susceptible to even more vulnerabilities in 2019.
Those are handsets that are still in use and no longer receiving updates. Android devices, by way of Google’s policies, receive two years of OS updates and three years of security fixes. That includes fixes that patch up vulnerabilities.
In particular, that study points to devices running Android 6.0 Marshmallow or earlier variants of the OS. Some newer devices, non-flagships specifically, don’t follow Google’s policy exactly either. That’s led to some blowback, with advocates and studies calling for the search giant to make those rules mandatory. But, in the meantime, the trend is definitely downward.
The trend is definitely downward, for now
For the overall technology industry, the trend for vulnerabilities is also down. In 2016, the total number of vulnerabilities tipped the scales at just 6,447. By 2018, that figure had grown to 16,556. That’s compared to a sharp downturn in 2019, dropping the overall number of vulnerabilities to 12,174.
Android was the most vulnerable OS for three of the past five years, likely attributable to its open-source nature. For 2018, “Debian GNU/Linux” is noted as the most vulnerable with 1,197 vulnerabilities. Android took the top position in 2019 but also took it in 2017 and 2016. For 2015, Mac OS X was the most vulnerable.