Android reportedly had the most vulnerabilities of any OS in 2019 and that’s fine

Android is generally considered a fairly secure operating system, but it seems vulnerabilities of varying sizes crop up all too often. Now, a report is claiming that Android had the most security vulnerabilities of any OS in 2019 but that’s totally fine.

A report from TheBestVPN tallies up the number of disclosed security vulnerabilities on various platforms including Linux, Windows, and Google’s Android. Unfortunately for Android, it was at the top of the list with 414 vulnerabilities discovered in 2019. This data was captured from the National Institute of Standards and Technology’s National Vulnerability Database.

Android wasn’t too far ahead of other platforms, with Debian Linux just behind at 360 and Windows 10, Adobe Acrobat, cPanel, and Windows 7 not too far behind either. What’s notable for Android, too, is that these numbers are actually going down. In 2017, for example, a whopping 843 vulnerabilities were discovered and 525 the year before.

Over its lifetime, 2,563 vulnerabilities have been discovered in Android.

TheBestVPN blames this, at least in part, not on Android itself, but due to pre-installed Android applications that have more high-level permissions, with one such issue popping up in November of last year.

In a statement to Fast Company, a spokesperson from Google for Android said regarding this report, emphasis our own:

We’re committed to transparency and release public security bulletins monthly on issues that have been fixed in Android to harden the security of the ecosystem. We disagree with the notion that measuring the number of security issues fixed in an OS is any indication of the security of the platform. This is actually a result of the openness of the Android ecosystem working as intended.

Realistically, this number shouldn’t scare users all that much. Many vulnerabilities on Android devices stem from changes device makers or even component makers on the platform. For example, a recent severe exploit affecting millions of Android devices with MediaTek chipsets was not due to Android itself, but rather a flaw in third-party CPU firmware. Notably, these Android vulnerabilities also range wildly in severity, so some may not have a bad impact for end users or have ever been exploited.

If anything, this entire report just emphasizes how important it is to buy an Android device that gets regular security patches. In its monthly patches, Google patches all sorts of vulnerabilities, so it’s important to stay up to date. In that regard, Google’s own Pixel series and Samsung’s smartphones — even the cheap ones(!) — are generally the best for getting regular security patches.

The open nature of Android has a lot of benefits, but vulnerabilities like these are one downside. This is also why Apple’s iOS wasn’t on the list.