Highlights
- Android security risk affects over 1 billion devices, as phones running Android 12 or older no longer receive critical security updates.
- Google warns that the security risk to Android is increasing due to malware and spyware exploiting unpatched system vulnerabilities.
- Upgrading significantly reduces Android security risks, giving users stronger protection, better privacy, and long-term device safety.
Forbes reports on Google’s security advice for at-risk Android users and on a new warning for millions of Samsung users, who are now being targeted by new attacks. According to the February 2026 Sentinel report, over 40 percent of Android smartphones worldwide no longer receive security updates, leaving more than 1 billion Android devices vulnerable to new malware and spyware attacks. Over 57.9 percent of active Android devices currently use Android 13 or newer, with full security updates available. Many devices still run outdated versions of Android, such as Android 12 or earlier.

About 57.9% of devices run Android 13 or later, which receive all security patches. Phones running Android 12 or earlier do not receive support from Google and will not receive further updates to address security issues.
No Longer Supporting Older Versions
Phones running Android 12 or earlier will no longer receive security updates from Google. Manufacturers and developers are no longer developing for those phones either, so if there is a new hole in the operating system, those devices will not get patched.
Security patches prevent hackers from exploiting holes in the Android operating system. A phone that receives no security updates is vulnerable to attacks such as:
- spyware
- data theft
- malware infections
- complex malware infections
Fragmentation of the Android Operating System
Hardware fragmentation is the biggest hurdle when securing Android. Android is used by many different brands, and each manufacturer controls how and when to update their own devices.
Because of this, there has been inconsistent support for device security over the years.
In most cases, mid-range and low-end devices will receive only a few years of security updates, or none at all.

Most devices running these versions of Android regularly miss critical security updates and are ultimately left out of the security loop. This makes it possible for even some of today’s most popular phones to become unsafe if they are not updated to the latest versions of Android.
Real-World Effects on Users
Increased Risk of Malware and Spyware
Devices that don’t receive regular updates remain exposed to exploitation of known vulnerabilities. This allows malware creators to steal users’ personal information, take control of their devices, and install unwanted software.
Insecurity Caused by a Fragmented Update Environment
Google’s many built-in tools, like Google Play Protect, still provide some protection for devices that have received security patches, which is important for increasing the likelihood of avoiding malware on older devices. However, these tools cannot match the protection that regular operating system security updates provide against exploits that leverage vulnerabilities in the underlying operating system.
What Users Should Do
Check Your Android Version
Users can determine whether they are at risk by navigating to Settings > About Phone and checking their current Android operating system version. Devices running Android 12 and earlier are no longer receiving critical security patches and cannot update further.
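For anyone checking several phones at once, the same check can be scripted over adb. The script below is an added example, not part of the original article or any Google tool: it parses the `[key]: [value]` output of `adb shell getprop` and applies the article's cutoff (Android 12 or earlier, i.e. API level 32 or lower, is unsupported). The function names and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android devices from `adb shell getprop` output.
# Cutoff taken from the article: Android 12 or earlier is unsupported.
MAX_UNSUPPORTED_SDK=32   # API 31 = Android 12, API 32 = Android 12L

# Constructed sample dumps (not from real devices).
SAMPLE_OLD='[ro.build.version.release]: [12]
[ro.build.version.sdk]: [31]
[ro.build.version.security_patch]: [2023-03-05]'
SAMPLE_NEW='[ro.build.version.release]: [14]
[ro.build.version.sdk]: [34]
[ro.build.version.security_patch]: [2025-01-05]'

# Read a getprop dump on stdin and print the value of property $1.
# adb output may carry CRLF line endings, so carriage returns are stripped.
get_prop() {
    tr -d '\r' | awk -v key="[$1]:" \
        '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print "release|sdk|patch_level|status" for the dump passed as $1.
classify_dump() {
    dump=$1
    release=$(printf '%s\n' "$dump" | get_prop ro.build.version.release)
    sdk=$(printf '%s\n' "$dump" | get_prop ro.build.version.sdk)
    patch=$(printf '%s\n' "$dump" | get_prop ro.build.version.security_patch)
    case $sdk in
        ''|*[!0-9]*) status=UNKNOWN ;;   # missing or non-numeric API level
        *) if [ "$sdk" -le "$MAX_UNSUPPORTED_SDK" ]; then
               status=UNSUPPORTED
           else
               status=SUPPORTED
           fi ;;
    esac
    printf '%s|%s|%s|%s\n' "${release:-?}" "${sdk:-?}" "${patch:-?}" "$status"
}

if [ "${1:-}" = "--live" ]; then
    # Audit every attached device that adb reports in the "device" state.
    for serial in $(adb devices | awk 'NR > 1 && $2 == "device" { print $1 }'); do
        printf '%s: %s\n' "$serial" \
            "$(classify_dump "$(adb -s "$serial" shell getprop)")"
    done
else
    printf 'sample-old: %s\n' "$(classify_dump "$SAMPLE_OLD")"
    printf 'sample-new: %s\n' "$(classify_dump "$SAMPLE_NEW")"
fi
```

The patch level is printed alongside the status because a device on Android 13 or newer can still be behind if its manufacturer has stopped shipping updates.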
Consider Upgrading Your Device
Google recommends that users of unsupported Android devices consider upgrading to a newer Android device that receives the latest security updates. Doing so does not necessarily require purchasing a high-end Android phone.

Modern smartphones provide more protection than older devices that do not have up-to-date software.
Wider Context and Security Implications
The Android marketplace has long had issues with how long it takes for a new version of the operating system to become available, and with how that compares to the time needed to receive a security patch after a vulnerability is discovered.
Ideally, every device would run the most secure software available, but this is not always the case in the real world: there are many manufacturers, and their policies differ on which devices receive the latest updates and when.
In comparison, manufacturers that control the software and hardware for their products tend to have a much better update cadence and scope of coverage than those that do not.
The flexibility of the Android model has contributed to its broad adoption; however, it has left a substantial group of users without sufficient protection from security risks.
Final Thoughts
The warning that Google issued regarding Android security highlights the importance of keeping all devices up-to-date to mitigate risk.

Currently, more than one billion devices are using old software without receiving necessary security updates, which could expose users to a significant risk of malware and spyware attacks. The fragmented nature of the Android ecosystem only complicates this problem further; however, being proactive by checking the version of the software and by upgrading devices that no longer receive support can significantly help to reduce exposure.