Is your phone at risk now?
ullstein bild via Getty Images
Take this seriously. You must now check if your Android phone is at risk of “banking trojans and spyware, backdoors and data theft”. There’s a good chance it is. Over 30% of all Androids are missing critical new Google updates.
The warning comes from Zimperiumwhich states that threats are now “bypassing simple signature-based defenses using advanced evasion and dynamic payload delivery.” It says this mandates “timely patching to reduce exposure to mobile malware.”
However, Zimperium more than any other security company has highlighted the growing threat from smartphones that have fallen out of support. And while maintaining security through “careful app sourcing, minimized permissions (and) continuous behavior-based monitoring” is critical, nothing is as critical as making sure a phone’s operating system is up-to-date.
Zimperium says that “at any given time of the year, over 50% of mobile devices are running outdated OS versions, and a significant number are compromised or infected.” This number is split between phones that can update but haven’t and those that no longer have access to fixes. This last category is now about 33% of Android phones.
Last month was ‘Dangerous December’, with Google and Apple warning of attacks on their smartphones and releasing emergency updates. None of the currently unsupported phones have these fixes. All these phones are now at risk.
While a much lower percentage of iPhones than Androids typically miss updates, that has changed in recent weeks. Apple’s decision to mandate any device newer than the iPhone 11 to upgrade to iOS 26 to receive new security patches has exposed hundreds of millions of devices. This is true for Android.
If your phone is no longer receiving manufacturer security updates — ideally every month — then you really need to upgrade. If your phone is supported but you haven’t checked and updated recently, please do so now. It’s not worth the risk.
If you can’t get the latest updates, then you should also reboot weekly — at least. This will kill any spyware or malware running on your phone, although it might well restart when you restart your phone. That’s why security patches are so critical.
