Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.

This conclusion is based on scans performed during the last couple of months with X-Ray, a free Android vulnerability assessment tool developed by Duo Security. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.

"Since we launched X-Ray, we've already collected results from over 20,000 Android devices worldwide," security researcher Jon Oberheide, who is co-founder and CTO of Duo Security, said Wednesday in a blog post.

Privilege vulnerabilities can be exploited willingly by users in order to gain administrator (root) access on their devices and, for example, replace the firmware provided by the manufacturer with a custom-built one.

However, they can also be exploited by malware for malicious purposes and there have been multiple documented cases of Android malware that incorporated root exploits over the years.