Google has confirmed that more than 40% of Android phones, over one billion devices, are now vulnerable to malware and spyware attacks. Phones running Android 12 or older no longer receive security updates, leaving users at risk.
Despite Google releasing new versions every year, the vast majority of Android phones in use today are still running software that’s already outdated. According to Forbes, just 57.9% of Android devices are on Android 13 or newer, highlighting how slowly critical updates reach users.
The most recent release, Android 16, is installed on only 7.5% of phones. Adoption drops sharply across earlier versions as well, with Android 15 running on 19.3%, Android 14 on 17.2%, and Android 13 on 13.9% of devices. Phones launched in 2021 or earlier are the most impacted by this lag.
Google is urging users to upgrade or replace devices that can’t support Android 13 or higher, warning that outdated software leaves phones exposed. In many cases, a newer mid-range handset with current software can offer stronger security than an older flagship stuck on unsupported versions.
While Google Play Protect continues to scan for malicious apps on devices running Android 7 and above, it cannot compensate for missing system-level security patches, updates that are essential for blocking advanced and targeted attacks.
