"X-Ray doesn't look for malicious apps, as some existing security scanners do, but instead searches for a set of known vulnerabilities in the core Android operating system, some of which have been used in the wild by malware and attackers," writes Threatpost's Dennis Fisher. "Many of the bugs are still unpatched on Android devices sold by the major carriers, and the average, non-technical user likely has little idea that the vulnerabilities exist or what can be done with them."
"X-Ray has detailed knowledge about a class of vulnerabilities known as 'privilege escalation' vulnerabilities," the app's Web site explains. "Such vulnerabilities can be exploited by a malicious application to gain root privileges on a device and perform actions that would normally be restricted by the Android operating system."
"The app collects information on the vulnerability, device model, version of the operating system, and carrier information," writes Dark Reading's Robert Lemos. "Duo Security hopes to discover the size of the vulnerable Android population and how long devices in different regions remain vulnerable to known flaws. X-Ray will also be able to discover whether the manufacturers and carriers have reintroduced flaws during regularly scheduled updates."