Google warns that 40 percent of Android phones face serious security risks, exposing nearly one billion devices to malware and spyware worldwide.
 |
| As Android update adoption stalls, Google’s alert highlights how aging smartphones are quietly turning into gateways for cyberattacks. Image: CH |
Tech Desk — February 10, 2026:
Google’s warning that roughly 40 percent of Android phones are now at serious security risk exposes a growing fault line in the global smartphone ecosystem: devices are lasting longer in users’ hands than the security protections designed to safeguard them. According to the company, around one billion active Android phones are currently running software versions that no longer receive critical security updates, leaving them increasingly vulnerable to cyberattacks.
The problem stems largely from the end of official security support for Android 12 and earlier versions. While Google continues to release newer operating systems, adoption has lagged. Only 58 percent of active Android devices worldwide are running Android 13 or later, and the newest version, Android 16, is installed on just 7.5 percent of phones. Millions of users remain dependent on outdated software that no longer receives patches against newly discovered threats.
Security experts warn that these older devices are now prime targets for cybercriminals. Without official updates, known vulnerabilities remain permanently open, allowing malware, spyware, and banking trojans to operate with relative ease. Of particular concern is so-called background spyware—malicious software that runs silently, monitoring private messages, photos, call logs, and financial transactions without the user’s knowledge.
The risks are amplified by the central role smartphones now play in everyday life. Phones have become digital wallets, identity keys, and communication hubs, meaning a single compromised device can expose sensitive personal and financial data. In this context, an unpatched phone is not merely outdated—it is a liability.
Google’s advice is blunt: users who cannot update to Android 13 or later, or whose devices no longer receive security patches, should consider upgrading to a newer phone as soon as possible. The company also urges users to keep automatic updates enabled to minimize exposure to emerging threats. Yet this recommendation highlights a deeper issue. In many regions, especially in developing markets, replacing a phone every few years is not financially feasible, effectively tying digital security to economic means.
As cyberattacks continue to rise globally, Google’s warning serves as a reminder that software support cycles have real-world consequences. Unless update adoption improves or longer-term security solutions are introduced for older devices, a large portion of the world’s smartphones will remain vulnerable—quietly expanding the attack surface of the digital economy.