Millions of Android phone users now face serious security risks, according to new data released by Google. The figures show that more than 40 per cent of active Android devices no longer receive critical security updates.
That means over one billion phones remain vulnerable to new malware and spyware attacks.
The data comes from Google’s Android distribution dashboard. It was collected on December 1, 2025, and published in early February 2026.
The latest operating system, Android 16, launched in June 2025. It now runs on just 7.5 per cent of devices.
Android 15 leads adoption with 19.3 per cent. It is followed by Android 14 at around 17 to 18 per cent, and Android 13 at 13.9 per cent.
Together, these supported versions account for less than 58 per cent of Android phones worldwide.
Google no longer provides security updates for Android 12 and earlier versions. Devices running those systems miss fixes for newly discovered vulnerabilities.
Experts warn of growing risks
Cybersecurity writer Zak Doffman, writing for Forbes, warned users to take the issue seriously.
He said Google had confirmed that more than 40 per cent of Android phones now face exposure to fresh malware and spyware attacks.
The problem stems from Android’s open ecosystem. Unlike iOS, which Apple controls centrally, Android updates depend on manufacturers, carriers, and individual models.
As a result, updates often arrive late or never arrive at all. Budget and older phones suffer the most. Many users remain stuck on unsupported software long after Google ends support.
Doffman said this leaves more than a billion people exposed, with no way to secure their devices.
Older Android versions dominate
Phones running outdated software remain widespread. Android 11 alone accounts for about 13.7 per cent of devices in some reports. Android 12 follows at 11.4 per cent, Android 10 at 7.8 per cent, and Android 9 at 4.5 per cent.
Together, these versions push the total number of at-risk phones beyond 40 per cent.
Although adoption of Android 16 is rising, mainly through Google Pixel and some Samsung models, it still lags far behind Apple’s update rollout.
Malware and spyware threats increase
Security experts warn that outdated phones cannot defend against modern threats. These include zero-day exploits, browser-based phishing attacks, and advanced spyware.
The risks grow when users sideload apps or rely on third-party app stores. A late-2024 report by Lookout found that spyware made up most critical Android threats.
Google has added stronger protections in Android 15 and 16. Tools such as the Play Integrity API help block spyware on supported devices. However, these protections do not reach older phones.
Some banking and enterprise apps have already started dropping support for outdated Android versions. That trend began in 2025 and continues to expand.
When upgrading becomes essential
Security specialists advise users running Android 12 or earlier to upgrade their devices if updates are unavailable. A mid-range phone with active support offers far better protection than an older flagship without security patches.
For millions of users, staying safe may now depend on replacing their phone.