Google has issued a serious cybersecurity alert for Android users worldwide, warning that more than 40% of Android smartphones are currently operating on outdated software and no longer receive regular security updates. As a result, over one billion devices are now highly vulnerable to malware and spyware attacks.
According to information cited by Forbes, phones running Android 13 or earlier versions face the highest risk, as monthly security patches for these systems have been discontinued. Cybercriminals are increasingly exploiting these gaps, making such devices easy targets for hacking, data theft and digital surveillance.
Cybersecurity experts describe this as one of the largest vulnerability clusters currently affecting global smartphone users.
Google has advised users to immediately update their phones to the latest available Android version or consider switching to newer models that provide long-term security support.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Why older Android phones become unsafe
Google explained that every Android version has a fixed support lifecycle. Once this period ends, the operating system stops receiving security fixes. Meanwhile, hackers continue developing new exploits and malicious tools, leaving unsupported devices defenseless against emerging threats.
Industry estimates suggest that nearly four out of every ten Android smartphones worldwide are still running obsolete software. This significantly increases the risk of sensitive information — including banking credentials, personal photos, messages and contacts — being compromised.
Security researchers warn that spyware, fake apps and background malware installations have become so sophisticated that users often remain unaware their phones have been infected.
“Once updates stop, the device becomes an open door for attackers,” said a mobile security expert. “Even routine browsing or downloading common apps can introduce harmful code.”
Over one billion users potentially exposed
Android remains the world’s largest mobile platform, powering more than three billion active devices globally. Google estimates that over one billion of these phones are currently operating without adequate digital protection.
Experts say this growing pool of vulnerable devices is increasingly being exploited for large-scale cybercrime, including financial fraud, identity theft and covert surveillance operations.
The problem is particularly severe in developing markets, where users tend to keep their smartphones for longer periods due to cost constraints and limited access to newer models.
Google’s key safety recommendations
To reduce risk, Google has urged users to take the following steps:
- Update phones to the latest Android version available
- Install all pending security patches immediately
- Avoid downloading apps from unauthorized sources
- Keep Google Play Protect enabled
- Regularly review app permissions
- Consider replacing devices that no longer receive system updates
The company stressed that once official OS support ends, software-level protection is no longer possible.
Rising cyber threats on mobile platforms
Mobile cybercrime has surged sharply over the past year, with attackers increasingly shifting focus from traditional computers to smartphones. Financial scams, phishing links, fake payment apps and spyware campaigns have become far more sophisticated, often bypassing basic antivirus measures.
Technology analysts say Google’s warning also highlights a broader lack of consumer awareness about software lifecycles and security updates.
“People pay attention to hardware, but software support is just as critical,” said a digital safety researcher. “A phone that looks fine on the outside may already be compromised internally.”
Google reiterated that keeping devices updated remains the most effective defense against cyber threats and urged users to treat operating system upgrades as essential, not optional.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
