Come September 2022, almost one-third of the world’s Android smartphones will be running an outdated, unsupported operating system.
Android devices occupy roughly 70% of the market, but many of those devices pose a security risk as Google no longer supports them. Let’s take a closer look at the Android OS distribution and the platform’s immediate cybersecurity future.
One of Android’s problems is OS fragmentation. Google has released many Android versions in the past 14 years. Only the last three iterations continue to receive support, but that’s not unusual. It’s customary for companies to drop support after a while for specific products.
Google supports each new version of the OS for an average of three years but launches a new version each year. As you can imagine, people don’t just throw away their devices when the three years are up. Lots of people continue to use unsupported devices for many years, posing a huge security risk.
Security as a feature
When users choose a new phone, they usually consider screen size, ease of use, processing power, image quality and many other features. Unfortunately, the security support timeframe is rarely a deciding factor when choosing a device.
Nothing really happens when a device reaches end of life. It still works, and if the user is happy with its performance, they keep using it. And you might be tempted to say that, as long as it does its job, it’s not worth investing in another device to perform the same tasks.
This is where security comes in. When a company drops support for a device, the user is free to use it, but if any vulnerability is discovered after that point, the company no longer patches it. While the device is still useful, it’s also highly vulnerable.
Attackers know the statistics
Old and unsupported devices are among an attacker’s best friends – especially devices dropped by manufacturers, forgotten or ignored by users, and still in use today. Unlike iOS, the Android OS space is fragmented. We can still find devices running Android versions launched a decade ago, and they’re a lot more prevalent than you might suspect.
We looked closely at devices running Bitdefender Mobile Security on Android. We wanted to see the OS distribution across the entire spectrum, and the results were surprising, to say the least. For reference, the oldest version still supported is Android 10, which is likely to reach end of life in September 2022, when Google is expected to announce Android 13.
If we do the math, when support for Android 10 disappears in September, 35 percent of Android devices running Bitdefender Mobile Security won’t have support from Google. Interestingly, many devices are still running operating systems that are five years old or older.
Don’t underestimate security patches
Whenever a new vulnerability surfaces, the first advice is always the same, no matter the platform: apply the latest security patches as soon as possible. For Android devices running end-of-life operating systems, though, that’s not an option.
Numerous scenarios exist where people expose essential data and information by using unsupported devices. For example, an entire industry is built around old Android phones that could be “transformed” into surveillance cameras. Leaving aside that many of these apps are actually used to stalk people, even if a phone is used for regular surveillance, would you want an extremely vulnerable device that could provide attackers with a live feed of your house?
Of course, the best advice is to always consider the support period for any device when buying a new one. Also, it’s a good idea to check if any of the smart devices around the house run operating systems manufacturers no longer support. Running Bitdefender Mobile Security on older devices is a good idea, but upgrading to a device that still receives security patches is always recommended.