Google has reported that more than 40% of Android devices are running older software, putting millions of users at risk from new security threats. That gap has left a large share of devices exposed to newer forms of malware and spyware.
The issue comes from the slow adoption of newer Android versions and the end of security support for older software.
Update: Data Shows Millions of Phones Are Out of Support
Google’s latest Android distribution figures, based on data collected in December, show that newer versions are still far from universal.
Android 16 was installed on about 7.5% of devices at the time the data was captured. Around 19.3% of devices were running Android 15, while Android 14 and Android 13 were installed on roughly 17.9% and 13.9% of phones, respectively.
Combined, these versions account for slightly less than 58% of Android phones that still receive regular security patches.
Older Android Versions No Longer Receive Fixes
Devices running Android 12 or earlier are no longer covered by Google’s regular security updates.
Once a phone drops out of support, security fixes stop altogether. That means newly found weaknesses are left open, making it easier for attackers to access data or monitor activity.
Malware and Spyware Activity Adds to the Risk
The situation has drawn attention as security researchers report renewed activity from mobile spyware operators.
Google has previously warned that some of these tools are designed to quietly exploit outdated software. Phones that are no longer updated stay exposed, regardless of how carefully they are used.
Android’s Patch Schedule Leaves Many Phones Vulnerable
On Android, updates do not reach everyone at the same time. Software rollouts depend on phone makers and mobile carriers, not just Google.
Because of that, many devices stop receiving security patches long before they are replaced. Those phones remain in daily use, but without protection against newly discovered threats.
What Android Users Can Do
Users can see which version of Android their phone is running by checking the software information in the settings menu.
If a device cannot be updated to Android 13 or newer, security specialists generally recommend moving to a supported model. In many cases, a newer mid-range phone offers stronger protection than an older high-end device that no longer receives updates.
A Problem That Is Not Going Away
Although the data reflects conditions from late last year, the risk continues today.
Phones that have fallen out of support remain exposed, and attackers tend to focus on devices they know cannot be patched. Google has repeatedly warned that outdated software increases the chances of compromise over time.
