Which? looked at Google’s own data, along with data from the Android Security Bulletin, to reach this figure. In May 2019, Google themselves showed that 42% of active Android users were still using version 6.0 (Marshmallow) or earlier, while the Android Security Bulletin says that no security patches were issued in 2019 for Android system versions below Android 7.0 (Nougat).
Rather than simply highlighting the problem, Which? then went about performing a limited test, asking an expert antivirus lab (AV Comparatives) to try to infect 5 different phones. Each phone tested was at least 3 years old and could only be updated to 7.0 or 8.0, but were still available to buy on the worlds’ largest online marketplace, Amazon.
The AV lab not only managed to infect all devices, with some it managed to infect them with multiple well-known viruses, including the Joker, Bluefrag and Stagefright viruses. None of the phones except a Samsung Galaxy A5 running Android 8.0 fully supported Google Play Protect, which is the built-in malware protection software for Android.
Apple typically supports their iPhone devices with security updates for around 5 years, and Microsoft usually supports older versions of their operating systems for as long as ten years. Google, it seems, have a much shorter security support buffer period.
What To Do If You Are Using An Old Android Device
If you think you could be one of the billion, the first thing to do is check which version of Android your device is using. To do this, open the main settings app, then look for About Phone/Device and tap Software Information. You will see the currently installed version here.
If your device is using a version of Android older than 8.0, check to see if you can update. Again in the settings app, look for Advanced > System Update, or sometimes you will just see Software Update in the main setting menu. Tap this and then Check for Updates.
If an update is available, download and install it. If not, you should consider upgrading to a newer device as soon as possible. If, however, upgrading is not an option for you right now, there are things you can do to reduce the risk of virus infection.
Install a Third-Party Antivirus App
Download and install some antivirus software on your device if you don’t already have some installed. There are a range of options available from the big names in antivirus (Norton, Kaspersky, AVG, etc.,) but some of these may not be compatible with very old versions of Android (such as Android 4.4).
Be Careful What You Download
Installing well-known apps through the Google Play Store should be pretty safe, but installing from outside of the official store is risky (this is known as sideloading). If you are planning on doing this, ensure the app is from a reputable source, and always re-enable the Unknown Sources block in the Android settings afterwards.
Backup Your Data
In an ideal world, you should be backing up your data at least monthly. Many newer devices have features in place to do this automatically, but older devices may not. Try to back up to a local location (your computer for example) but if this isn’t possible, back up to a free cloud service like Dropbox or Google Drive.