Google's LG-Built Nexus 5X
February's Android 6.0.1 Marshmallow security update now getting rolled out to Google Nexus 6P, 5X, 6, 5, 9, 7 and Google Pixel C. Google Store

The U.K.'s University of Cambridge has published a paper titled "Security Metrics for the Android Ecosystem," which found out that the security levels of Android devices vary vehemently depending on the OEMs that manufactured it. Speaking of security, Google’s Nexus devices seem to be the best Android lineup and LG is apparently the best smartphone maker.

The University of Cambridge reportedly scrutinized 20,400 Android devices from across the globe, looking for known security-related vulnerabilities. A team of Cambridge researchers consisting of Daniel Thomas, Alastair Beresford and Andrew Rice apparently discovered that almost 87 percent of all Android devices are susceptible to "at least one of 11 known critical vulnerabilities."

Meanwhile, Phone Arena reported that the infamous “Stagefright bug” unearthed recently, and was reported to have affected almost all Android handsets. But then, the silver lining is that some of the Android OEMs are "doing a better job" in making their devices secure.

When the Stagefright vulnerability was brought out, Google announced that Android devices across the globe will be receiving security updates every month. Even though, the proposed monthly security update is a herculean task, behemoths like LG and Samsung welcomed the search giant’s suggestion. However, HTC wasn’t very impressed, as the company thought, the initiative is impractical predominantly because of high dependence on the wireless carriers in rolling out the updates in phases. Not to mention, carriers have been criticized time and again for the slow roll out of firmware updates in the past.

The study also said that apart from the carriers, OEMs can also help in improving the security levels of their respective devices. In order to evaluate the security levels of handsets from Android OEMs, the Cambridge research team brought forth a new metric dubbed “FUM,” which stands for “Free, Update, Mean.” The Cambridge paper calculates the metric with the help of the three component definitions mentioned below:

  1. “Free” translates to – “The proportion of running devices free from critical vulnerabilities over time.”
  2. “Update” translates to – “The proportion of devices that run the latest version of Android shipped to any device produced by that device manufacturer.”
  3. “Mean” translates to – “The mean number of outstanding vulnerabilities affecting devices not fixed on any device shipped by the device manufacturer.”

Based on the computed FUM score, the Google Nexus lineup of devices is less vulnerable when compared to other Android devices. When it comes to OEMs, LG apparently amassed the best FUM score and this is followed by Motorola, Samsung, Sony, HTC, Asus and others.

Speaking of smartphones, a surprising device tallied the top score i.e. “Galaxy Nexus,” released in 2011. Interestingly, Google’s Galaxy Nexus was built by Samsung. This device is followed by Nexus 4 and Nexus 7, among others.