Researchers have discovered that the greatest risk to Android devices comes not from the OS, but from the additional apps that are installed by manufacturers. The study found that of the number of vulnerabilities caused by manufacturers is anywhere from 64% to 85%.
The study examined the permissions used by pre-installed apps and looked for security bugs that could be exploited by third parties. Of the ten smartphones involved in the study, almost all the apps installed by manufacturers requested more Android permissions than were necessary for operation. This is turn creates more vulnerabilities in the system as it allows for a greater number of attack vectors.
Google’s Nexus 4 was deemed more secure simply because it doesn’t have as many stock applications installed. A situation that should be examined by manufacturers due to the current trend of stuffing as many new software features as possible into the latest flagship phones.