Short cycle of security support could put ‘millions’ of Android users at risk


6 Mar 2020

Image: PA Media

UK consumer group Which? has urged Android users running versions from before 2016 to update their devices to protect themselves.

More than 1bn Android phones and tablets around the world could be vulnerable to hackers because they are no longer supported by security updates, new research has suggested.

A report by UK consumer group Which? found that around 40pc of Android users were running older versions of the software, which no longer receive security updates from Google.

Android is the world’s most popular mobile operating system and as a result, Which? says there are potentially millions of smartphone users at risk of data theft and other cyberattacks.

According to 2019 figures from Google, there are more than 2.5bn active Android devices in the world.

Vulnerabilities found

Older versions of mobile operating systems, generally those more than two years old, often have security updates from developers stopped – with firms such as Google encouraging users to instead update to a newer version of the operating system in order to best secure their device from modern cyber threats.

Google and Apple – the makers of the world’s two most popular mobile operating systems, Android and iOS – release new versions of their software annually, followed by smaller, periodical updates for several years to fix any further issues found within them.

According to the Which? report, older phones tested from manufacturers including Motorola, Samsung, Sony and LG were found to have vulnerabilities, and Which? said anyone using an Android phone released in 2012 or earlier – including popular devices at the time such as the Samsung Galaxy S3 and Sony Xperia S – should be “especially concerned”.

It also encouraged anyone running a version of Android older than 7.0 Nougat, which was first released in 2016, to try and update their software as this version is now no longer supported by Google.

Longer periods of support needed

However, if a device cannot be updated it will likely need to be replaced. Which? computing editor Kate Bevan argued that consumers should be able to rely on longer periods of support for their mobile devices.

“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers,” she said.

“Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.

“The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices – and their impact on consumers.”

The UK government has previously announced plans for new laws that will force manufacturers to improve the security standards of internet-connected gadgets, including stating a minimum length of time for which the device will receive security updates.

Google has not responded to a request for comment on the report. The Which? research said that, generally speaking, the older the device, the greater the risk of it being vulnerable to hackers.

However, previous studies have indicated that smartphone owners in Europe and the US are holding onto their devices for longer, with smaller steps in innovation each year and the rising price of smartphones cited as key reasons for not upgrading more regularly.

– PA Media