By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Safeguards against firmware signed with stolen MSI keys
    6 months ago
    Protect yourself and your account
    2 weeks ago
    All You Need to Know About APTs
    1 year ago
    Latest News
    Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
    2 hours ago
    Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
    20 hours ago
    Patchstack Alliance Bounty Program Events for December
    3 days ago
    Your Smart Coffee Maker is Brewing Up Trouble
    3 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    What’s included in the ‘Battle of Shadow and Light’ update for Halo 5: Guardians
    1 year ago
    How to fix printer spooler problems on Windows 10
    1 year ago
    How to fix error 0x80004005 starting VirtualBox VM on Windows 10
    1 year ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    10 months ago
    Now you can speed up any video in your browser
    10 months ago
    How to restore access to a file after EFS or view it on another computer?
    10 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    11 months ago
  • How To
    How ToShow More
    How to stop, disable, and remove any Android apps — even system ones
    2 days ago
    Bigger, Better, Cooler in a 2U1N form factor
    Bigger, Better, Cooler in a 2U1N form factor
    3 days ago
    Vulnerability in crypto wallets created online in the early 2010s
    4 days ago
    Use Windows 11 features to inspire creativity, speed up everyday tasks
    5 days ago
    Windows brings nostalgia to the holidays with the return of Windows Ugly Sweaters, this year featuring the Bliss backdrop
    6 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Daily Wallpaper for Windows by Bing
    1 year ago
    How to create a photo of a non-existent person?
    1 year ago
    How to quickly stop an app on Android?
    1 year ago
    Latest News
    How to disable news feed from Widgets on Windows 11
    14 mins ago
    How to fix performance issues after upgrading to Windows 11 23H2
    14 mins ago
    How to disable updates on Windows 10 Pro and Home
    1 day ago
    Change screen brightness on Windows 11
    3 days ago
  • Glossary
  • My Bookmarks
Reading: More than one billion Android devices do not receive updates
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
AppsThreats

More than one billion Android devices do not receive updates

Andra Smith
Last updated: 13 October
Andra Smith 3 years ago
Share
13 Min Read

More than one billion Android devices around the world are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, new research by Which? has found.

The consumer champion crunched Google data, which shows a staggering two in five (40%) Android users worldwide are no longer receiving vital security updates from Google, potentially putting them at risk of data theft, ransom demands and a range of other malware attacks that could leave them facing bills for hundreds of pounds.

The findings come as Which? adds warnings to its reviews of potentially affected smartphones – which are not necessarily old models and are still available to buy through online marketplaces – so consumers are aware of the risk.

Which? experts took a selection of affected phones and tablets into its labs, including handsets still available to buy from online marketplaces such as Amazon, and found they could easily be hit by a range of malware and other threats.

Researchers tested a range of phones including models from Motorola, Samsung, Sony and LG/Google and found vulnerability to hacks including enabling personal information to be stolen, a hacker to take complete control over the phone or large bills for services that the phone owner hasn’t used themselves.

Recently out-of-support devices won’t immediately have problems, but without security updates, the risk to the user of being hacked goes up exponentially. Generally speaking, the older the phone, the greater the risk.

Anyone using an Android phone released around 2012 or earlier – including popular models like the Samsung Galaxy S3 and Sony Xperia S, should be especially concerned, since it’s likely they will be running a version of Android that does not include various security enhancements Google has been rolling out since.

Google declined to respond when Which? asked for data on how many UK users are likely to be affected. But the consumer champion estimates there could potentially be millions of old unsupported Android devices still in use in the UK.

Which? shared its findings with Google but the tech giant’s response failed to provide reassurance that it has plans in place to help users whose devices are no longer supported.

Which? is calling for far more transparency around how long updates for smart devices will be provided so consumers can make informed buying decisions. The industry must also do a better job of giving support and guidance to customers about their options once security updates are no longer available.

Proposed legislation for mandatory security requirements – putting the onus on manufacturers to provide clear information about how long security updates will be provided for – and strong enforcement for manufacturers, retailers and online marketplaces that fall short are essential to tackle the growing problem of digital obsolescence.

Which? believes Google and other manufacturers also have questions to answer about the environmental impact of phones that can only be supported for three years or less – meaning consumers frequently need to fork out hundreds of pounds to replace them, while old phones end up piled up in landfill.

Kate Bevan, Which? Computing editor, said:

It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers.

Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.

The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices – and their impact on consumers.

Which? tips

My Android phone is working fine, so why should I ditch it?

If your Android device is more than two years old, check if it can be updated to a newer version of Android. Open your phone or tablet Settings app, then tap System > Advanced > System update. You can then see your Android version.

If you are on a version before Android 7.0 Nougat, try to update your system. Still in the System update section, follow the instructions to run the update.

If you can’t update to a newer version, you’ll need to consider that there will be an increased risk of using your device going forwards – especially if you are running a version of Android 4 or lower.

What should I do if my mobile phone is no longer updated?

The older the phone, the greater the risk. Anyone with a smartphone that runs Android 4 or earlier should seriously consider whether it’s worth the risk to their data and privacy to continue using the device. However, there is an increased risk to any device that is no longer being supported by security updates. If you are still using such a phone, carefully consider the following advice until you upgrade.

1. Be careful what you download: The majority of threats come from downloading apps from outside the Google Play store, so be very wary of that. If you do sideload an app, check carefully that it is official and always manually re-enable the ‘unknown sources’ block in your Android settings after you’re finished. This is done automatically in newer Android versions.

2. Watch what you click on: As well as traditional phishing threats that might arrive via email, variations on these threats can be sent to a phone via SMS or MMS messages to take advantage of vulnerabilities found on some older versions of Android. Be very wary of clicking on any links that look suspicious, especially if they are from senders you’re not familiar with.

3. Back up your data: Make sure all your data is backed up in at least two places (a hard drive and a cloud service). If something goes wrong and you do get infected, this will help to ensure you won’t lose access to anything vital.

4. Get mobile antivirus: There are a range of additional apps that can provide some protection for your older Android device against security threats. Bear in mind, though, that the choice might be limited for really old Android builds. We could barely find any reputable services for the Sony Xperia Z2 running Android 4.4.

Which? advice guide for people who are using phones that no longer receive security updates: https://www.which.co.uk/reviews/mobile-phones/article/mobile-phone-security-is-it-safe-to-use-an-old-phone

Notes to editors

  • The current software version is Android 10 while Android 9 (aka Android Pie) and Android 8 (Android Oreo) are still in theory getting security updates too. Using anything below Android 8 will carry security risks.

  • Based on Google’s own data from May 2019 (we asked Google for more up-to-date data but it did not respond), 42.1% of Android active users worldwide are on version 6.0 or earlier: Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012), Ice Cream Sandwich (2011) and Gingerbread (2010).

    According to the Android Security Bulletin, there were no security patches issued for the Android system in 2019 that targeted Android versions below 7.0 Nougat.

    That means more than 1bn phones and tablets were active around the world that no longer received security updates. We asked Google for UK data but again it declined to respond. However, we estimate there could be millions of old Android devices still in use in the UK.

  • In January 2020, Which? purchased a Motorola X, Samsung Galaxy A5 2017 and the Sony Xperia Z2 from Amazon Marketplace sellers. We also had existing LG/Google Nexus 5 and Samsung Galaxy S6 smartphones in our test lab.

    All these phones were at least three years old and could only get to Android 7.0, apart from the Samsung Galaxy A5 (2017), which could make it to Android 8.0.

    We tasked expert antivirus lab, AV Comparatives, to try to infect them with malware, and it managed it on every phone, including multiple infections on some.

  • Researchers bought Motorola X, Samsung Galaxy A5 2017, Sony Xperia Z2 from Amazon Marketplace sellers and tested them in the lab along with previously purchased LG/Google Nexus 5 and Samsung Galaxy S6 smartphones. All could be infected by malware at least once, while some models could be infected multiple times.

    The Sony Xperia Z2 was found to leave victims exposed to Stagefright – a devastating attack that can enable a hacker to take complete control over the phone, in order to steal data or charge a ransom to regain access.

    The Sony Xperia Z2 phone was on an older version of Android, 4.4.2 KitKat, and the exploit works by sending music or video files to the victims via MMS or snags them via a phishing website.

    All of the phones in the tests were infected successfully by Joker, also known as Bread. Hackers using this malware, which has been around since 2017, slip it into apps for sale on the Google Play store. Last year Google removed 1,700 apps infected with Joker.

    Joker tricks people into downloading what they think is a legitimate app. If consumers agree to all the permissions, it automatically registers them for a premium rate service that adds charges to users’ phone bills. If that were not enough, it also steals contact details to enable it to target other users.

    Every single device tested was also infected with Bluefrag, a critical vulnerability that focuses on the Bluetooth component of Android. An attacker needs to be within Bluetooth range, such as in a cafe, and then they can silently hack the phone. Once done, they can steal personal information and also use the device to spread the malware elsewhere. Google issued a fix to Bluefrag in newer Android devices in February 2020.

  • Which? incorporates information about devices that no longer receive security updates into its reviews, so consumers can make informed decisions about products that could potentially pose security risks.


Translate this article

TAGGED: Malware, Phishing, PoC, Security, Software, Threat, Threats, Vulnerabilities
Andra Smith October 13, 2022 September 30, 2020
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to disable news feed from Widgets on Windows 11
News 3 hours ago
How to fix performance issues after upgrading to Windows 11 23H2
News 3 hours ago
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
Wordpress Threats 5 hours ago
Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
Wordpress Threats 23 hours ago
How to disable updates on Windows 10 Pro and Home
News 1 day ago

You Might Also Like

News

How to fix performance issues after upgrading to Windows 11 23H2

3 hours ago
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
Wordpress Threats

Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution

5 hours ago
Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
Wordpress Threats

Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware

23 hours ago
News

How to disable updates on Windows 10 Pro and Home

1 day ago
Show More

Related stories

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
BridesMaid – neuron writes toasts For those very occasions when you need to give out a powerful
The other day Yandex pleased us with the announcement of a new Midi station – an excellent reason to listen
REMIX – remixes of pictures from neural networksCreate, share and correct works
How to download Diablo IV for free and absolutely legallyBlizzard has opened a free
Rostelecom employees were forced to abandon Android and iOS in favor of Aurora.
Previous Next

10 New Stories

How to stop, disable, and remove any Android apps — even system ones
Patchstack Alliance Bounty Program Events for December
Your Smart Coffee Maker is Brewing Up Trouble
Bigger, Better, Cooler in a 2U1N form factor
Change screen brightness on Windows 11
Earn up to $10,000 for Vulnerabilities in WordPress Software
Previous Next
Hot News
How to disable news feed from Widgets on Windows 11
How to fix performance issues after upgrading to Windows 11 23H2
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
How to disable updates on Windows 10 Pro and Home
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?