Over 850 million Android devices still vulnerable to Stagefright
Back in July 2015, Zimperium discovered the set of vulnerabilities in libstagefright, a flaw widely known as Stagefright. Shortly after announcing this, they also launched a free app called Stagefright Detector. Google and third parties promised to release patches that take care of this issue and they now release monthly security updates. Unfortunately, it looks like many handsets are still exposed.
According to Zimperium, "most users are still not receiving any updates" and, by scaling the statistics obtained from the more than half a million users who downloaded Stagefright Detector, their conclusions end up being quite scary. They write that "Scaling our statistics to the global status of all Android users, we estimate that between 599.76 million and 856.8 million devices are currently vulnerable to CVE-2015-3864."
The main cause for the existence of so many insecure Android devices is the fragmented nature of the ecosystem. While Google and most big names in the smartphone industry update their Android handsets on a regular basis, most of the low-cost brands usually launch their devices and "forget" about supporting them with software updates for at least one year.