More than one billion Android devices at risk of hacking - here's how to stay safe
Devices no longer supported by security updates and built-in protection, report warns
New research has suggested that more than one billion Android devices worldwide are vulnerable to hacking.
A report from Which? rifled through data provided by Google, finding 40% of Android users worldwide are not receiving vital security updates. These users are at greater risk of data theft, ransomware and a host of other cyberattacks.
Which? researchers tested a range of affected phones and tablets - including models still available to purchase via top online marketplaces - and found they were highly vulnerable to a range of malware.
- Google tells Samsung to stop making changes in Android
- Check out our list of the best Android antivirus apps on the market
- Google finally patches MediaTek chip flaw that affected millions of devices
Although the most recent iterations of the Android operating system are supported by security updates, using a version any less recent than Android 8 (released in August 2017) comes with a level of risk, the report claims.
According to Which?, anyone still using an Android phone released in 2012 or earlier should be especially concerned, since it’s likely these devices lack the many security enhancements Google has rolled out since.
Android security risks
Which? is now calling for greater transparency around the extent of security support and claims the industry must do a better job of guiding customers once security updates have dried up.
“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support - leaving millions of users at risk of serious consequences,” said Kate Bevan, the company’s Computing Editor.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Google and phone manufacturers need to be upfront about security updates - with clear information about how long they will last and what customers should do when they run out.”
The UK government recently took steps to ensure users of connected devices are better protected - a measure Which? applauds.
New rules stipulate manufacturers of IoT devices must provide a point of contact for vulnerability reports and explicitly state the minimum length of time a device will receive security updates.
In the interim, Which? has added warnings to relevant smartphone reviews and issued the following advice to users of older models:
- Check whether your device qualifies for an update
- Be careful what you download
- Watch what you click on
- Back up your data
- Get mobile antivirus
- Here's our list of the best Android VPN apps for 2020
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.