With popularity comes the attention of the malware writers. Mix that in with hardware that doesn't get the software upgrades they require, and you've got a recipe of malware mayhem, according to new research.
Duo Security's released research which suggests that more than 50 per cent of the Android devices are vulnerable to malware. This isn't per se a question of people deliberately launching known dodgy apps or getting drive-by malware as much as it is the fact that so many Android devices either don't get updates that patch vulnerabilities because they're never updated, or that carriers are very slow to deliver the upgrades that are developed.
Duo Security gathered the data via its X-Ray vulnerability scanner; it appears to be a reasonable sample size of around 20,000 devices, and it reckons that the 50 per cent figure might be a bit on the cautious side anyway:
Yes, it’s a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc) has performed thus far. We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally.