Google Warns Over 1 Billion Android Phones Are Now at Risk
If you’re using an older Android phone, Google has a message you probably don’t want to hear.
More than 40% of Android devices worldwide no longer receive critical security updates, leaving over 1 billion phones exposed to malware and spyware attacks, according to the company.
The problem isn’t a sudden flaw but a slow drift. Android adoption data shows most users are still running software versions that Google no longer fully supports. While recent confusion around Google Play system update dates has raised concerns, Google says that the issue is cosmetic.
The real issue is simpler and more serious: phones running Android 12 or older are now outside the security safety net.
Android version lag leaves millions exposed
Google’s latest Android distribution data shows that only about 58% of devices run Android 13 or newer, Forbes reported. As of December 2025, Android 16 was installed on just 7.5% of phones. Android 15 accounted for 19.3% of devices, Android 14 for 17.9%, and Android 13 for 13.9%.
“Those four Android versions matter because Google no longer provides critical system-level security fixes for Android 12 or older,” Forbes reported.
As a result, more than 40% of active Android phones, representing over 1 billion users, are now outside full OS-level protection, with no clear path to receive fixes for newly discovered attacks. Google said older devices still receive limited protection through its app security tools.
“Google Play Protect, Android’s built-in malware and unwanted software protection, continues to support devices as far back as Android 7 to help keep users safe,” a Google spokesperson told Forbes. The spokesperson added that these devices still benefit from updated malware signatures and real-time scanning.
Samsung support changes intensify the problem
The security gap is widening as manufacturers scale back long-term device support. According to Forbes, Samsung has confirmed that the Galaxy S21, S21 Plus, and S21 Ultra no longer receive Android or security updates.
Samsung has also downgraded the Galaxy S22 series and Galaxy S21 FE from monthly to quarterly updates. While those devices are still supported, the slower update cadence widens the window of exposure to new vulnerabilities.
Gulf News explained that, unlike Apple, which tightly controls both hardware and software updates, Android depends on individual manufacturers to deliver patches. “Phones are often abandoned after a few years, leaving users exposed to potential malware and security exploits,” the publication noted.
Google clarifies Play system update confusion
According to Android Authority, some Android users recently noticed their Google Play system update rolling back from January 2026 to November 2025. Google addressed the issue after reports from Android users surfaced, explaining that the date discrepancy was cosmetic rather than a security regression.
“We are aware that some users are seeing an outdated “Google Play system update” date. This is a display-only issue. “It does not affect device performance or security,” a Google spokesperson told the publication.
Google also stated that it is working on a fix to ensure the update label reflects the correct date and emphasized that the issue has no impact on device protection.
At the same time, Forbes reported that phones unable to run Android 13 or newer no longer receive critical system-level security updates, leaving users with limited options beyond replacing unsupported devices. Gulf News echoed that assessment, explaining that even newer mid-range phones with active software support offer stronger protection than outdated flagship models.
Learn more about Google’s February 2026 Android system update, including improvements to device setup, storage purchasing, and privacy tools.
About Author
