How millions of Android phone users are left vulnerable to malware and spyware threats

February 4, 2026

Google has released new data on Android version usage, revealing a serious security problem for millions of users. As of early February 2026, more than 40 per cent of active Android phones run versions that no longer receive critical security updates from Google. This leaves over a billion devices exposed to new malware and spyware threats.

The data, collected on December 1, 2025, and published recently, comes from Google’s Android distribution dashboard. Android 16, the newest version released in June 2025, is now installed on 7.5 per cent of devices.

Android 15 leads with 19.3 per cent, followed by Android 14 at roughly 17.2 per cent to 17.9 per cent – figures vary slightly depending on the report – and Android 13 at 13.9 per cent. Together, these four supported versions account for under 58 per cent of devices.

Google stopped providing security patches for Android 12 and earlier. Phones running these older versions no longer receive fixes for newly discovered vulnerabilities.

Zak Doffman, a cybersecurity writer for Forbes, warned in a February 3, 2026, article:

“You should take this very seriously. Google has just confirmed that more than 40 per cent of all Android phones are now at risk from new malware and spyware attacks.”

The problem is partly due to Android’s open ecosystem. Unlike Apple’s iOS, where one company controls updates across a limited range of devices, Android updates involve dozens of manufacturers, carriers, and models.

The rollout process is often slow, especially for budget or older phones. This fragmentation leaves many users stuck on unsupported versions long after Google ends support.

Doffman highlighted the scale of the problem:

“That’s more than a billion users exposed to new attacks with no way to update their phones with fixes.”

He also pointed out that Google issued spyware warnings in December 2025, emphasising that older phones cannot defend against fresh threats.

Outdated Android faces threats

Unsupported versions include Android 11, which accounts for around 13.7 per cent of devices in some breakdowns, Android 12 at 11.4 per cent, Android 10 at 7.8 per cent, and even Android 9 at 4.5 per cent. Combined, these figures push the total of at-risk devices above 40 per cent.

Adoption of Android 16 is growing, thanks to faster rollouts on Google Pixel devices and some Samsung models, but it still lags behind iOS, where Apple’s tight control allows new versions to reach most devices quickly.

Security experts stress the dangers of running outdated systems. Phones on older versions miss patches for zero-day exploits, phishing threats in browsers such as Chrome, and spyware that targets Android’s open platform.

Sideloading apps or using third-party stores increases the risk. A report by Lookout in late 2024 highlighted that spyware accounted for the majority of critical threats on Android.

Google has introduced security improvements in Android 15 and 16. Features such as the Play Integrity API aim to block spyware on supported devices. But these updates further isolate older phones. Some banking and enterprise apps may stop working properly on unsupported versions, a trend that started in 2025.

If your phone runs Android 12 or below and cannot upgrade to Android 13 or newer, experts advise buying a new device. A mid-range supported phone offers better protection than an old flagship without updates.
