Android users have numerous options when it comes to devices, with a varied combination of specifications, features, and different device budgets. We are spoiled by choice, but this confuses users when it comes to features that cannot be easily measured and compared. Take, for instance, the Android Security status. The current state of Android security is far from perfect, and the situation becomes even more complex across different OEMs and different regions. So if you had to compare two different OEMs on how well they have delivered security updates across their portfolio, the answer may not be easily found. A group of researchers has taken it upon themselves to remedy this situation by building a database of Android devices focusing on their overall security level.
At the virtual Android Security Symposium 2020 event, a group of researchers including Mr. Daniel R. Thomas, Mr. Alastair R. Beresfor, and Mr. René Mayrhofer presented a talk called the “Android Device Security Database”.
We recommend watching the talk to get a better idea of the intents and purposes of the database, but we will also do our best in encapsulating the information below.
The purpose behind the Android Device Security Database is to “gather and publish relevant data about the security posture” of Android devices. This includes information on attributes like the average patch frequency, the guaranteed maximum patch delay, the latest security patch level, and other attributes. The database currently includes smartphones like the Samsung Galaxy S20 (Exynos), Nokia 5.3, Google Pixel 4, Xiaomi Redmi Note 7, Huawei P40, Sony Xperia 10, and more.
The talk brings up the issue of how smartphone OEMs currently have little in terms of motivation and quantifiable incentive to provide quick and relevant security updates across their smartphone portfolio. Smartphone after-sale support is still centered around the limits of Android version updates and device repairs—and overall device security is not given much importance. Security updates aren’t a metric that a marketing department can easily “sell” to most end consumers for future smartphones, so performance in this area remains lacking. And because of the huge variety of smartphones released and the innumerable updates to them over the years, collecting and quantifying this data is also a gargantuan task. For instance, Samsung has been doing very well in terms of providing security updates to its existing portfolio of devices, like the Galaxy S10, Galaxy Z Flip, Galaxy A50, Galaxy Note 10 series, Galaxy A70, and the Galaxy S20 series—but there are still so many more devices left to assess and a larger security update progress chart is also missing to provide historical context.
The Android Device Security Database tries to fix this in a way. Back in 2015 when a similar initiative was undertaken, the team had measured the security of Android devices and given them a score out of 10. The old approach had a few limitations, as it focused heavily on assessing whether a device was susceptible to known vulnerabilities or not. The older approach did not consider other aspects of device security, so the current approach attempts to take a much more holistic look at overall device security.
At the virtual Android Security Symposium 2020 event, a group of researchers including Mr. Daniel R. Thomas, Mr. Alastair R. Beresfor, and Mr. René Mayrhofer presented a talk called the “Android Device Security Database”.
We recommend watching the talk to get a better idea of the intents and purposes of the database, but we will also do our best in encapsulating the information below.
The purpose behind the Android Device Security Database is to “gather and publish relevant data about the security posture” of Android devices. This includes information on attributes like the average patch frequency, the guaranteed maximum patch delay, the latest security patch level, and other attributes. The database currently includes smartphones like the Samsung Galaxy S20 (Exynos), Nokia 5.3, Google Pixel 4, Xiaomi Redmi Note 7, Huawei P40, Sony Xperia 10, and more.
The talk brings up the issue of how smartphone OEMs currently have little in terms of motivation and quantifiable incentive to provide quick and relevant security updates across their smartphone portfolio. Smartphone after-sale support is still centered around the limits of Android version updates and device repairs—and overall device security is not given much importance. Security updates aren’t a metric that a marketing department can easily “sell” to most end consumers for future smartphones, so performance in this area remains lacking. And because of the huge variety of smartphones released and the innumerable updates to them over the years, collecting and quantifying this data is also a gargantuan task. For instance, Samsung has been doing very well in terms of providing security updates to its existing portfolio of devices, like the Galaxy S10, Galaxy Z Flip, Galaxy A50, Galaxy Note 10 series, Galaxy A70, and the Galaxy S20 series—but there are still so many more devices left to assess and a larger security update progress chart is also missing to provide historical context.
The Android Device Security Database tries to fix this in a way. Back in 2015 when a similar initiative was undertaken, the team had measured the security of Android devices and given them a score out of 10. The old approach had a few limitations, as it focused heavily on assessing whether a device was susceptible to known vulnerabilities or not. The older approach did not consider other aspects of device security, so the current approach attempts to take a much more holistic look at overall device security.
