More than 1 billion Android devices are vulnerable to hackers - here’s why

Friday, 6th March 2020, 12:27 pm
Updated Friday, 6th March 2020, 12:28 pm

More than one billion Android devices around the world are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, according to new research.

Consumer watchdog Which? found that 40 per cent of Android users have been running old versions of the Google-made operating system (OS) that no longer receive vital updates.

While the devices in question won’t immediately have problems, without security support there is an increased risk to the user.

Sign up to our daily newsletter

The i newsletter cut through the noise

Most at risk phones run Android 4.0 and older

The most at risk phones run the Android 4.0 OS and older. However, those using devices on Android 7.0 that can’t update to a newer version should also be concerned.

The study, based on Google data, aims to highlight the importance of using up to date security software to avoid having your personal data stolen, getting spammed by ads or even signed up to a premium rate phone service.

The watchdog estimates that there are millions of smartphone users in the UK alone at risk of data theft and other cyber attacks.

It also believes Google and other software developers need to be transparent regarding obsolete, software and should help users whose devices are no longer supported.

'Google and phone manufacturers need to be upfront about security updates'

Kate Bevan, Which? Computing editor, said, "It's very concerning that expensive Android devices have such a short shelf life before they lose security support, leaving millions of users at risk of serious consequences if they fall victim to hackers.

"Google and phone manufacturers need to be upfront about security updates - with clear information about how long they will last and what customers should do when they run out.

"The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices - and their impact on consumers."

Which? experts took a selection of affected phones and tablets into its labs, including handsets still available to buy from online marketplaces, such as Amazon.

Phones tested included the Motorola X, Samsung Galaxy S3, Sony Xperia Z2 and the Nexus 5, which was made by LG and marketed by Google.

Which? asked anti-virus lab AV Comparatives to infect them with malware - and it succeeded on every phone, creating multiple infections on some. The company said it shared its findings with Google but the tech giant "failed to provide reassurance that it has plans in place to help users whose devices were no longer supported".

Which? wants Google and others to provide far more transparency around how long updates for smart devices will be provided.

And, it said the mobile industry needed to do a better job of giving support to customers about their options once security updates are no longer available.

How to check whether your phone is vulnerable and what to do

-If your Android device is more than two years old, check whether it can be updated to a newer version of the operating system. If you are on an earlier version than Android 7.0 Nougat, try to update via Settings> System>Advanced System update

-If you can't update, your phone could be at risk of being hacked, especially if you are running a version of Android 4 or lower. If this is the case, be careful about downloading apps outside the Google Play store

-Be wary of suspicious SMS or MMS messages

-Back up data in at least two places (a hard drive and a cloud service)

-Install a mobile anti-virus via an app, but bear in mind that the choice is limited for older phones