Despite some malware apps that make their way into the Play Store every once in a while, Android users are generally just fine. For most cases, it simply means using common sense, not installing apps with very few or very bad reviews, and not navigating to sketchy websites.
However, that's just one part of the whole equation. On your desktop or laptop, you get updates all the time to make your computer more secure, including security patches. It seems though that Android, thanks to the numerous versions still in use today, have various vulnerabilities. Duo Security, a company behind two-factor authentication, recently released an app called X-Ray which scans your phone for security vulnerabilities.
The company did some research over a six week period. From 20,000 scans performed, they found that over 50% of Android devices have unpatched security vulnerabilities. So what exactly is the problem? Well, as we've talked about before, there's a lot of versions of Android still in use today. With newer versions, Google has been able to patch various vulnerabilities, but with prior versions, security issues are still there.
For example, the research found that there were no unpatched vulnerabilities on two different Android 4.0 phones, but a phone running Android 2.3.7 was vulnerable to ZerhRush which allows an attacker to overwhelm a system and gain root access. When you consider that almost 60% of phones currently on the market run Gingerbread, that's a pretty big deal.
Still though, the mass majority of users will be unaffected by this. Android 4.0 is the second most used version of Android though so as it comes time for more people to upgrade to a new phone, they'll get access to Ice Cream Sandwich or even better, Jelly Bean.