42% of Android phones now vulnerable to malware, report warns

Over one billion Android smartphones worldwide are now at increased cybersecurity risk after Google confirmed that devices running Android 12 or earlier will no longer receive security updates.

New data shows this move potentially leaves approximately 42.1 percent of the global Android user base vulnerable to malware and spyware. The latest statistics highlight a clear division: only 57.9 percent of active devices run Android 13 or newer, the point at which system-level security support continues.

This means more than four out of ten users are stuck on outdated, unsupported software.

Experts attribute this mainly to the long-standing fragmentation issue. Although Google updates the OS, manufacturers like Samsung, Xiaomi, and Motorola are responsible for delivering those updates—often only for a few years. This is in stark contrast to Apple, where the majority of iPhones run the latest two iOS versions.

Adoption of the newest versions remains slow. Only 7.5 percent of devices operate Android 16, and 19.3 percent are on Android 15. Meanwhile, older versions are still prevalent, with Android 11 at 13.7 percent and Android 12 at 11.4 percent still widely in use.

Google has issued a clear directive: devices that cannot be updated beyond Android 12 should be replaced. The company emphasized that while its Play Protect service still checks for malware on these older phones, it is not a sufficient substitute for the crucial system-level security updates required to guard against sophisticated exploits.

Security experts have warned that using unpatched devices is a calculated risk. This can leave users vulnerable to banking theft, message interception, and unauthorized access to personal data.

Users are recommended to check their software version in the Settings app. Devices that still have Android 12 or older versions are advised to upgrade to a modern mid-range device to improve their security.