![]() |
Google has stopped providing security updates for some Android devices. Photo: Cnet . |
According to Google, up to 40% of Android phones are vulnerable to malware and spyware attacks. Users in this group should upgrade their phones to a newer version.
Part of the reason stems from Google ceasing to release security patches for phones running Android 12 or earlier. As a result, phone models released in 2021 or earlier are no longer protected against the latest malware threats.
According to Google's latest Android version distribution data, only 57.9% of Android devices are running version 13 or higher. This means that 42.1% of current Android phones are vulnerable to attacks.
In December 2025, an estimated one billion Android users were at risk, and that number has remained unchanged to this day, according to PhoneArena . The long-standing problem with Android lies in the fragmentation of the operating system update process.
Percentage of users of different Android versions. Image: 9to5Google. |
While Apple manufactures both the devices and the operating system, Android is developed by Google, but besides the Pixel line, many different companies produce Android phones. This makes the synchronized rollout of updates nearly impossible.
Because of this fragmentation, the percentage of Android users who own the latest version of the operating system is extremely low. As of December, only 7.5% of devices were running Android 16.
Conversely, according to StatCounter , as of this month, iOS 26 is present on 50% of iPhones. The previous version, iOS 26, also accounts for 40%. Due to the Liquid Glass interface, the adoption rate of iOS 26 is not as high as usual, but it is still very high.
Google directly recommends that users who cannot update beyond Android 12 should consider upgrading and buying a new phone. If price is a concern, users will still be safer choosing a mid-range phone, provided that the new device runs Android 13 or higher.
For those who aren't ready, devices running Android 7 and above still have built-in malware protection, albeit weaker. "These devices still benefit from the latest Play Protect security signatures and real-time malware scanning," a company spokesperson said.
To understand the level of risk, a malware attack can allow attackers to steal login credentials used for sensitive applications and websites. Without security updates, malware can infiltrate through fake apps, suspicious links, or unpatched vulnerabilities.
These codes can automatically record keystrokes and retrieve OTPs displayed on the screen. For example, cybercriminals could log in and use passwords to access and drain users' bank accounts and stock investments.
Source: https://znews.vn/canh-bao-khan-toi-mot-ty-nguoi-dung-android-post1626084.html









