New research has suggested that more than one billion Android devices worldwide are vulnerable to hacking.
A report from Which? rifled through data provided by Google, finding 40% of Android users worldwide are not receiving vital security updates. These users are at greater risk of data theft, ransomware and a host of other cyberattacks.
Which? researchers tested a range of affected phones and tablets - including models still available to purchase via top online marketplaces - and found they were highly vulnerable to a range of malware.
- Google tells Samsung to stop making changes in Android (opens in new tab)
- Check out our list of the best Android antivirus apps (opens in new tab) on the market
- Google finally patches MediaTek chip flaw that affected millions of devices (opens in new tab)
Although the most recent iterations of the Android (opens in new tab) operating system are supported by security updates, using a version any less recent than Android 8 (released in August 2017) comes with a level of risk, the report claims.
According to Which?, anyone still using an Android phone released in 2012 or earlier should be especially concerned, since it’s likely these devices lack the many security enhancements Google has rolled out since.
Android security risks
Which? is now calling for greater transparency around the extent of security support and claims the industry must do a better job of guiding customers once security updates have dried up.
“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support - leaving millions of users at risk of serious consequences,” said Kate Bevan, the company’s Computing Editor.
“Google and phone manufacturers need to be upfront about security updates - with clear information about how long they will last and what customers should do when they run out.”
The UK government (opens in new tab) recently took steps to ensure users of connected devices are better protected - a measure Which? applauds.
New rules stipulate manufacturers of IoT devices must provide a point of contact for vulnerability reports and explicitly state the minimum length of time a device will receive security updates.
In the interim, Which? has added warnings to relevant smartphone reviews and issued the following advice to users of older models:
- Check whether your device qualifies for an update
- Be careful what you download
- Watch what you click on
- Back up your data
- Get mobile antivirus
- Here's our list of the best Android VPN apps (opens in new tab) for 2020