
Imagine for a moment one billion Android mobiles in circulation. These aren't just astronomical figures on paper: we're talking about devices we use daily for online banking, social media, messaging, or work. Well, a significant portion of these devices have been left without protection against cyberattacks and the latest digital threats.
According to the latest data released by Google and several cybersecurity reports, around 40% of active Android phones no longer receive security patches. Translated into numbers, that means nearly a billion users potentially exposed to malware, spyware, and remote code execution attacks without, in practice, having an up-to-date defense.
One billion Android users targeted by spyware

The alert comes directly from Google and from various international cybersecurity reports. A very significant portion of the global Android market is running on versions of the system that are no longer officially supported. The focus is on phones with Android 12 or earlier, for which monthly security updates have been stopped.
Distribution data published by the company itself shows that only 57.9% of Android devices run Android 13 or later. The rest, the 42.1% that still runs on Android 12, 11, 10 or older versions, is in a precarious situation: any new vulnerability discovered in the system will remain permanently unpatched.
In December, the picture of the ecosystem was clear: Android 16 was only present on 7.5% of phones, while Android 15 remained at around 19.3%, Android 14 hovered around 17-18%, and Android 13 was just below 14%. In other words, the latest version is advancing slowly, and a large portion of users are still tied to older versions that lose support sooner than many would like.
Meanwhile, some studies are already openly discussing a “Legacy Gap”: a security hole that affects devices with older systems, which stop receiving critical fixes in the operating system kernel while continuing to install modern apps that, on their own, cannot patch those holes.
Fragmentation: Android's biggest weakness compared to iOS

The underlying problem is well-known, but now it hits harder than ever: the fragmentation of the Android ecosystem. While Apple controls both the hardware and iOS and deploys updates centrally, the Android world is made up of dozens of manufacturers with very different schedules, customization layers, and support policies.
Google develops the system and maintains the Pixel line, but the reality is that brands like Samsung, Xiaomi, Oppo, Motorola, and many others decide how often to update each model. This means that phones released in 2020, 2021, or even 2022, especially mid-range and low-end models, have been left out of security updates despite still functioning perfectly at the hardware level.
The comparison with iOS is striking: the latest statistics indicate that around 50% of iPhones are already running iOS 26, while the previous version hovers around 40%. In other words, a large majority of users in the Apple ecosystem are concentrated on just two versions with active support, while on Android, the market share is spread across many more editions, including several obsolete ones.
This dispersion greatly complicates a synchronized distribution of security patches. Even when Google fixes a critical bug in its code, the update doesn't always arrive quickly, or at all, to all affected models. In some cases, the delays are measured in months; in others, devices remain permanently stuck on the last version the manufacturer chose to support.
The practical result is that millions of operational Android mobile phones coexist with known vulnerabilities. These vulnerabilities are documented and exploitable, with no possibility of receiving the patch that fixes them. And cybercriminals, of course, know this.
What's at risk: from banking credentials to silent spying

Security experts agree that the scenario is not theoretical. Malware and spyware attacks on outdated Android devices are an everyday reality and have become more sophisticated over time. One of the most frequently mentioned risks is remote code execution: through a manipulated video file, a malicious website, or a phishing link, an attacker can gain partial control of the device.
That intrusion can translate into access to the photo gallery, reading SMS messages, capturing bank verification codes (OTP) or even intercepting notifications from financial applications. A well-designed Trojan can record keystrokes, read credentials displayed on the screen, or exploit permissions granted to other apps to move freely throughout the system.
In the most serious cases, cybercriminals deploy veritable ecosystems of theft. This is not just a one-off virus, but coordinated campaigns that combine fraudulent applications, cloned websites, WhatsApp or SMS messages impersonating banks or messaging companies, and server networks that manage stolen data on a large scale.
One of the priority targets is bank accounts, cards and investment products. All it takes is for the malware to obtain the correct credentials and confirmation codes for the attacker to log in, transfer funds, or empty balances without the user immediately noticing. From there, recovering the money can be a lengthy process, and not always successful.
Besides the economic impact, there is another equally worrying front: silent espionage. Certain types of spyware can activate the microphone or camera, record calls, or track location in real time without any visible warning. This information can be used for blackmail, harassment, or simply to build extremely detailed profiles of the victim.
Google Play Protect and the fine line of “minimal protection”
In response to the criticism, Google points out that, even on devices with older versions, Google Play Protect still works from Android 7 onwards. This system analyzes applications in real time, compares their behavior with known malware patterns, and, in theory, blocks suspicious installations or uninstalls malicious apps detected afterward.
The company insists that these mobile phones “continue to benefit from the latest security firms and real-time malware analysis”. In other words, even if the operating system doesn't receive kernel patches, there is at least an additional layer of protection linked to the app store and Google services.
However, experts clarify that this layer is insufficient to compensate for the lack of system updates. Play Protect can help curb many app-based threats, but it can't always protect against vulnerabilities in the operating system itself, the kernel, or low-level components that can be exploited without installing anything from the store.
In practice, this means that if your mobile runs Android 12 or earlier and no longer receives official patches, you still have a small safety net, but one riddled with holes. And the more attackers' techniques evolve, the more evident it becomes that this minimal protection is insufficient for intensive phone use in sensitive tasks, such as online banking or work-related matters.
Google itself, in its most recent communications, has adopted an unusually direct tone: it recommends that users who cannot upgrade to Android 13 or higher seriously consider changing their device, even if not for a high-end model.
Global impact and European context: who is most exposed
The problem affects Android users worldwide, but it doesn't affect everyone equally. Several reports indicate that countries with lower per capita income tend to have a higher percentage of older phones, used beyond their support periods out of sheer economic necessity.
In Europe, and also in Spain, the situation is mixed. On the one hand, renewal cycles are somewhat shorter than in other regions, thanks to carrier offers, financing programs, and the strong presence of brands that compete on price. This helps many users upgrade more quickly to devices with broader update policies.
On the other hand, the European Android market is highly fragmented: recent models with guaranteed support for several years coexist with others, often cheaper, that barely receive two or three major updates. Those who purchased a mid-range smartphone in 2020 or 2021 may now find themselves with a physically functional device, but without security patches.
In sectors such as online banking, e-government, and digital commerce, this situation is worrying. More and more procedures require the use of mobile phones, whether for electronic signatures, two-step verification, or access to sensitive data. If a significant portion of the population performs these tasks from unsupported phones, the attack surface for cybercrime multiplies.
Some European banks have already begun to restrict the use of their apps on very old devices, and cybersecurity awareness campaigns increasingly emphasize the importance of keeping your mobile phone updated, just like a computer.
How to find out if your mobile phone is one of the billion at risk
The first check is simple, although many users never do it. To find out if your device might be in this large risk group, simply check which Android version it has installed:
- Open the Settings app from your phone.
- Scroll to “About phone” or “Device information”.
- Look for the “Android version” section and check the number.
If the result is Android 12 or lower and you haven't received any major updates in a while, it's very likely your phone has reached the end of its official support cycle. It's also worth checking the date of the last security patch displayed on that same screen: if many months have passed since the last update, the vulnerability is greater.
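For anyone who has to check several phones (a family's devices or a company fleet), the same two values can be read over USB debugging with `adb shell getprop`. The Python below is an added example, not part of the original article: it parses that output and applies the article's two checks. The property names are standard Android system properties; the sample outputs are constructed, and the six-month patch-age limit is an assumption, since the article only says "many months".

```python
import re
from datetime import date

# `adb shell getprop` prints one "[key]: [value]" pair per line.
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample output (not captured from a real device).
SAMPLE_OLD = """[ro.product.model]: [Example A1]
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2022-08-05]"""
SAMPLE_NEW = """[ro.product.model]: [Example B2]
[ro.build.version.release]: [15]
[ro.build.version.security_patch]: [2025-11-05]"""

def parse_getprop(text):
    """Return the properties in getprop output as a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(props, today, min_major=13, max_patch_age_months=6):
    """Apply the article's two checks; the 6-month limit is an assumption."""
    findings = []
    m = re.match(r"\d+", props.get("ro.build.version.release", ""))
    major = int(m.group()) if m else None
    if major is None:
        findings.append("Android version not reported")
    elif major < min_major:
        findings.append(f"Android {major} is older than Android {min_major}")
    age = None
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
        age = (today.year - patch.year) * 12 + (today.month - patch.month)
        if age > max_patch_age_months:
            findings.append(f"last security patch is {age} months old")
    except ValueError:
        findings.append("security patch level missing or malformed")
    return {"model": props.get("ro.product.model", "unknown"), "android_major": major,
            "patch_age_months": age, "at_risk": bool(findings), "findings": findings}

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        print(assess(parse_getprop(sample), today=date(2026, 1, 15)))
```

A device that reports no patch level at all is flagged rather than passed, since an unreadable value gives no evidence the phone is still supported.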
Another important detail is the model release date, which doesn't always coincide with the purchase date. Some Spanish and European stores continue to sell devices that have been on the market for one or two years, so the update period available to the user may be shorter than it seems on paper.
At the opposite end of the spectrum are newly launched phones with extended support policies. Some manufacturers are already announcing up to seven years of system updates and monthly patches in their most recent models, which, at least on paper, reduces the risk in the medium and long term.
When considering a future purchase, experts recommend paying as much attention to this specification as to the camera or the processor. After all, good hardware without security updates eventually becomes a problem ahead of schedule.
What can users with older Android phones do?
The most repeated recommendation from analysts and from Google itself is unequivocal: if your phone is stuck on Android 12 or earlier versions and no longer receives updates, the wisest course of action is to switch devices. It's not a budget-friendly solution, but it's the only one that eliminates the problem of unpatched vulnerabilities at its root.
For those who cannot or do not wish to renew it immediately, some palliative measures are being considered that may reduce, but not eliminate, the risk:
- Install a trusted security solution that monitors applications and connections.
- Avoid installing APKs from outside of Google Play, one of the most common entry points for malware.
- Be wary of links received via SMS, email, or messaging, especially if they ask for bank credentials or personal data.
- Limit the use of the old mobile phone for sensitive operations, such as online banking or employment documentation, moving those tasks to a more secure device.
At the same time, it's worth reviewing how we actually use our phones. If it's our main device to manage bank accounts, investments, administrative procedures, or work documents, continuing to use it without support can be costly. In this context, many experts recommend prioritizing at least a mid-range device with a good update history over an old, discontinued high-end model.
In the European market it is relatively easy to find affordable smartphones with the latest Android operating system and several years of guaranteed support. For the average user, taking that leap involves an initial cost, but it reduces the possibility of becoming the next victim of a massive malware campaign.
In light of the figures and official warnings, the idea that "almost everyone changes their mobile phone every so often" does not match reality: hundreds of millions of people are still using phones that no longer receive patches. In a context where mobile phones have become the key to our digital lives, ignoring security alerts is no longer just a technical annoyance, but a decision with direct consequences for our money, our privacy, and our daily lives.