LG Top OEM for Issuing Security Patches to Its Android Devices: Report

In the light of the recent Stagefright vulnerabilities for Android, a report states that out of all the OEMs LG is best at offering security updates for its devices. The University of Cambridge, UK has released a research paper defining FUM (Free Update Mean) scores, based on which different OEMs including LG have been ranked.

As per the researchers, FUM scores include three segments - the proportion of devices free from vulnerabilities over time, the proportion of devices that run the updated version of Android, and the mean number of vulnerabilities the manufacturer has not fixed on the device.

Based on FUM scores published at Android Vulnerabilities website, LG is on top with the score of 4.0, followed by Motorola (3.1), Samsung (2.7), Sony (2.5), HTC (2.5), Asus (2.4), Alps (0.7), and worst being Symphony and Walton at 0.3. While this was for OEMs, Google's own Nexus devices remain ahead of the game at 5.2 FUM score.

The University of Cambridge research paper however, has added that about 87 percent of all the Android smartphones are exposed to at least one of the known vulnerabilities. The average Android smartphone receives 1.26 security updates each year, something which contradicts the per month update OEMs promised couple of months ago when the Stagefright vulnerability came into spotlight - of course, with the more frequent rollout promised, this may change soon.

The study also puts the recent comment made by the HTC USA President Jason Mackenzie in new light. Mackenzie last week tweeted that pushing out monthly security updates to all the HTC smartphones is 'unrealistic'.

For those unaware, LG, Google and Samsung in August promised monthly updates to fix the Stagefright vulnerability in all their smartphones. Sony, Motorola, and OnePlus and other companies have also rolled out updates.

While the companies are still rolling out the Stagefright vulnerability fix to devices, security experts earlier this month found a new Stagefright 2.0 vulnerability as well. The newer version of the bug can also affect devices running OS versions below Android 5.1 Lollipop. Unlike the previous Stagefright bug, the Stagefright 2.0 can enter any device in the form of mp3 or mp4 file instead of a MMS text.