More than one billion Android devices at risk of malware threats, no longer being updated

Based on Google data, two in five of Android users worldwide may no longer be receiving updates, and while these devices won’t immediately have problems, without security support there is an increased risk to the user.

Our latest tests have shown how such phones and tablets, including handsets still available to buy from online marketplaces such as Amazon, could be affected by a range of malware and other threats. This could result in personal data being stolen, getting spammed by ads or even signed up to a premium rate phone service.

[…]

Generally speaking, the older the phone, the greater the risk. With the Android versions released in the past five years (Android 5.0 to 10.0), Google put more effort into enhancing security and privacy to give the user greater protection, transparency and control over their data. But smartphones can still be an attractive target, and it’s important to be aware of the threat.

Based on Google’s own data from May 2019, 42.1% of Android active users worldwide are on version 6.0 or earlier: Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012), Ice Cream Sandwich (2011) and Gingerbread (2010).

According to the Android Security Bulletin, there were no security patches issued for the Android system in 2019 that targeted Android versions below 7.0 Nougat.

That means more than one billion phones and tablets may be active around the world that are no longer receiving security updates.

[…]

We tasked expert antivirus lab, AV Comparatives, to try to infect them with malware, and it managed it on every phone, including multiple infections on some.

As you can see in the above chart, all the Android phones we used in our test lacked the more modern security features introduced by Google to the latest Android 9.0 or 10.

Source: More than one billion Android devices at risk of malware threats – Which? News