With nearly six in 10 Android phones running an insecure operating system, there's little surprise that the smartphones fill all 12 slots in security vendor Bit9's latest list of the most vulnerable mobile devices.
Leading the list released Monday is the Samsung Galaxy Mini, with the HTC Desire and Sony Ericsson Xperia X10 filling out the top three, respectively. The Apple iPhone 4 just missed making Bit9's "Dirty Dozen" list. The smartphone came in at 13, as an honorary mention, the vendor said.
A major reason for Android's security problem is manufacturers releasing products with outdated versions of the Google-created OS. The study found that Samsung, HTC, Motorola and LG were guilty of releasing products without updating the OS.
Making matters worse, the manufacturers are slow to upgrade once the devices are in the hands of consumers, and sometimes don't update the OS at all, preferring instead to focus on newer models, Bit9 said.
Fully 56 percent of Android phones in the market today are running out-of-date and insecure versions of Android, the company reported. As a result, the phones pose a serious security threat, as consumers use the devices to store personal information and make purchases. "This is the new security frontier," Harry Sverdlove, chief technology officer for Waltham, Mass.-based Bit9, said in a statement.
Cybercriminals are well aware of the vulnerabilities in Android. Sunnyvale, Calif.-based Juniper Networks reported last week that the amount of Android-targeted malware had more than quadrupled since July.
The remaining Android phones in Bit9's top 12 most insecure, in order starting with the Sanyo Zio at number four, were the HTC Wildfire, Samsung Epic 4G, LG Optimus S, Samsung Galaxy S, Motorola Droid X, LG Optimus One, Motorola Droid 2 and HTC Evo 4G.
In rating phones, Bit9 considered phones with the highest market share that were running out-of-date and insecure software and had the slowest update cycles.