More than one billion Android devices are vulnerable to hackers

More than one billion Android phones and tablets are vulnerable to hackers because they’re no longer supported by security updates, according to new research.

Consumer watchdog Which? found 40 per cent of Android users have been using old versions of the Google-made OS that no longer receive vital updates.

The most at-risk phones are any that run Android 4 or older – however, those using devices on Android 7.0 that can’t update to a newer version should also be concerned.

The study, based on Google data, highlights the importance of using up-to-date software to avoid being at risk of data theft, ransom demands and other malware attacks.

The current software version is Android 10 while Android 9 and 8 are still ‘in theory’ getting security updates too and are safe to use. 


WHICH ANDROID DEVICES ARE AT RISK? 

– Samsung Galaxy S3 (2012)

– Samsung Galaxy S6 (2015)

– Samsung Galaxy A5 (2017)

– Sony Xperia S (2012)

– Sony Xperia Z2 (2014)

– Motorola X (2013)

– Google Nexus 5 (2013)

Which? says that any devices running Android 7 and under are at risk – but especially Android 4 and lower.

It is adding warnings to its reviews of potentially affected smartphones so consumers are aware of the risk. 

The watchdog estimates that there are millions of smartphone users in the UK alone at risk of data theft and other cyber attacks.

It also believes Google and other software developers need to be transparent regarding obsolete software and should help users whose devices are no longer supported.

‘It’s very concerning that expensive Android devices have such a short shelf life before they lose security support, leaving millions of users at risk of serious consequences if they fall victim to hackers,’ said Which? editor Kate Bevan.

‘Google and phone manufacturers need to be upfront about security updates with clear information about how long they will last and what customers should do when they run out.

‘The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices and their impact on consumers.’

 Which? experts took a selection of affected phones and tablets into its labs, including handsets still available to buy from online marketplaces such as Amazon.  

Phones tested included the Motorola X, Samsung Galaxy S3, Sony Xperia Z2 and the Nexus 5, which was made by LG and marketed by Google. 

All could be infected by malware at least once, while some models could be infected multiple times, Which? said.  

Anyone using an Android phone released around 2012 or earlier, including popular models like the Samsung Galaxy S3 and Sony Xperia S, is particularly at risk from hackers, and users of these phones should be ‘especially concerned’.

These phones are susceptible to links on websites that allow a hacker to take control of the device and steal personal information – links that would otherwise be blocked by up-to-date software.

The Samsung Galaxy A50s (pictured) launched last year with Android 9. The current software version is Android 10 while Android 9 (aka Pie) and Android 8 (Oreo) are still ‘in theory’ getting security updates too, Which? said.


Older versions of mobile operating systems, generally those more than two years old, often stop receiving security updates from developers.

Firms such as Google encourage users to instead update to a newer version of the operating system in order to best secure their device from modern cyber threats.

However, some older phones won’t update to newer operating systems, which acts as an incentive for consumers to buy a new model fairly regularly.

But while consumers frequently fork out hundreds of pounds to replace their device, old phones end up piled up in landfill.

Which? says Google and other manufacturers ‘have questions to answer’ about the environmental impact of phones that can only be supported for three years or less.

Which? researchers tested the Motorola X, Samsung Galaxy A5 2017, Sony Xperia Z2, Samsung Galaxy S6 and the Nexus 5, which is made by LG and marketed by Google. All could be infected by malware at least once, while some models could be infected multiple times.


Google has not responded to MailOnline’s request for comment regarding the Which? report, and it declined to respond to the watchdog’s request for an exact figure on how many UK-based Android users are at risk.

Which? also said it shared its findings with Google but the tech giant’s response ‘failed to provide reassurance that it has plans in place to help users whose devices are no longer supported’. 

Google and Apple – the makers of the world’s two most popular mobile operating systems, Android and iOS – release new versions of their software annually, followed by smaller, periodic updates for several years afterwards to fix any further issues found within them.

There are more than 2.5 billion active Android devices in the world, according to 2019 figures from Google.

Based on Google data from May 2019, 42.1 per cent of active Android users worldwide are on version 6.0 or earlier – Marshmallow (2015), Lollipop (2014), KitKat (2013), Jelly Bean (2012), Ice Cream Sandwich (2011) and Gingerbread (2010).