Google has warned that more than 40 percent of Android phones worldwide are now at risk from malware and spyware attacks because they are running older versions of the operating system that no longer receive critical security updates. The warning is based on Android distribution data released in December 2025, which shows that a large share of devices in use today cannot run Android 13 or newer, leaving users exposed to emerging security threats without protection.
According to figures published in early February 2026, about 58 percent of Android devices globally are running versions of the operating system that still receive regular security updates. These include Android 13, Android 14, Android 15 and the newly released Android 16. This means that more than 40 percent of Android phones, representing over one billion devices worldwide, are operating on Android 12 or earlier versions that no longer receive fixes for newly discovered vulnerabilities.
Google has repeatedly warned that unsupported Android versions pose a growing security risk as cybercriminals increasingly target mobile devices. In December 2025, the company said phones that are no longer eligible for system updates remain vulnerable to new forms of malware and spyware that exploit known weaknesses. Analysts reviewing the data said the lack of updates significantly increases exposure to attacks.
“More than 40 percent of Android devices are now vulnerable to new malware and spyware attacks because they are running software that does not receive security updates,” technology analysts said in February 2026 while citing Google’s distribution figures. They added that users whose phones cannot be upgraded to Android 13 or later should consider replacing their devices to maintain basic security.
Malware and spyware threats have grown more sophisticated in recent years. These malicious programs can be used to steal personal data, monitor user activity, access banking credentials and compromise private communications. Older versions of Android lack newer security features such as enhanced app permission controls and improved isolation mechanisms that help prevent malicious software from accessing sensitive information.
Security experts advise Android users to regularly check their device software version and install any available updates immediately. For phones that are still eligible for security patches, keeping the system fully updated can significantly reduce the risk of compromise. However, for devices that have reached the end of their update lifecycle, experts say upgrading to a newer phone is the most effective way to stay protected.
Google also offers built in security tools such as Google Play Protect, which scans apps for harmful behaviour and alerts users to potential threats. While these tools provide an added layer of defense, cybersecurity specialists caution that they cannot fully protect devices running unsupported software.
The warning highlights a broader challenge in mobile security, particularly in markets where older smartphones remain widely used due to affordability concerns. As malware and spyware threats continue to evolve, maintaining up to date software remains one of the most important steps users can take to protect their data and privacy.
