Over a billion Android phones left exposed as Google ends security updates for older versions

By Admin

09 Feb, 2026

Introduction
More than one billion Android smartphones worldwide are now facing increased cybersecurity risks after Google confirmed that devices running Android 12 or older no longer receive system-level security updates. According to Android distribution data cited by Moneycontrol, this decision has left a significant portion of the global Android ecosystem vulnerable to new malware and spyware threats, raising serious concerns for users, manufacturers, and security experts alike.

The Scale of the Security Gap
Latest platform distribution figures show that only 57.9 per cent of Android phones are running Android 13 or newer. This means that 42.1 per cent of devices roughly one billion smartphones are now outside Google’s official security patch coverage. Phones launched in 2021 or earlier are among the most affected, and despite ongoing warnings, the situation has seen little improvement over the past year. For many users, their devices are effectively frozen from a security standpoint.

Which Android Versions Are Affected
Devices no longer receiving security patches include Android 12, which still accounts for 11.4 per cent of phones, Android 11 at 13.7 per cent, Android 10 at 7.8 per cent, Android 9 at 4.5 per cent and Android 8 at 2.3 per cent. In total, more than four in every ten Android phones now sit outside Google’s security coverage. Meanwhile, adoption of newer versions remains limited, with only 7.5 per cent of devices on Android 16, 19.3 per cent on Android 15, 17.2 per cent on Android 14 and 13.9 per cent on Android 13.

Fragmentation: Android’s Long-Standing Challenge
Industry observers have long identified fragmentation as Android’s core weakness. While Google develops the Android operating system, it does not control update schedules for most manufacturers. Brands such as Samsung, Xiaomi, Oppo, Vivo and Motorola manage their own software timelines and often stop supporting devices after just a few years. This contrasts sharply with Apple’s vertically integrated model, which allows it to deliver operating system and security updates to older iPhones more consistently.

Android vs iOS Update Distribution
The gap between Android and iOS update adoption remains wide. StatCounter data shows that around 50 per cent of iPhones run iOS 26, while another 40 per cent remain on iOS 18, the previous version. Even with slower adoption following Apple’s Liquid Glass redesign, iPhones maintain a far higher level of security coverage compared to the Android ecosystem, where unsupported versions remain widespread.

What Users Can Do Right Now
Users can check whether their device is affected by opening Settings, navigating to About phone and reviewing the Android version. Any phone running Android 12 or older that cannot be upgraded is no longer receiving security patches from Google. The company’s guidance is clear: if a device cannot move beyond Android 12, it should be replaced. Importantly, Google has stressed that this does not require buying a flagship phone. Modern mid-range smartphones running Android 13 or later still receive monthly security updates and offer far stronger protection than older premium devices stuck on outdated software.

Role and Limits of Play Protect
Google has clarified that its Play Protect service continues to function on Android 7 and newer, providing malware scanning and updated threat signatures. A Google spokesperson told Forbes that unsupported devices still benefit from real-time malware detection. However, the company has also acknowledged that Play Protect cannot replace missing system-level security patches, which are critical for preventing advanced exploits and zero-day attacks.

Why the Risk Is Serious
Security experts warn that the threat is not theoretical. Malware infections can lead to stolen usernames and passwords, unauthorised access to banking and trading apps, interception of messages and authentication codes, and direct financial losses. Without regular security patches, vulnerabilities remain open for attackers to exploit.

Conclusion
With around one billion Android users now running unsupported software, Google’s position is unambiguous. Continuing to use an unpatched device is a calculated risk. Users must decide whether to accept that exposure or upgrade to a phone that still receives security updates. In an era of rising digital threats, staying on supported software is no longer optional it is essential for protecting personal data, finances and privacy.