Google Warns of Active Android Attacks Leaving Over 30% of Phones Without a Security Fix

Google has confirmed that Android users worldwide are facing active cyberattacks exploiting critical security vulnerabilities, with millions of devices left permanently exposed. The company acknowledged that at least two major Android flaws are already being used in real-world attacks, not theoretical threats or future risks.


While Google has released patches, a significant portion of Android users will never receive a fix, raising serious concerns across the cybersecurity community.

Targeted Android Spyware Attacks Are Already Underway


According to Google, the attacks initially appeared as highly targeted spyware campaigns, affecting a limited number of users. However, cybersecurity experts warn this pattern is common. Once attackers prove a method works, it often spreads rapidly across different hacking groups.

What begins as a narrow operation can quickly evolve into mass exploitation, significantly increasing the number of victims.

Security Fixes Available — But Not for Everyone


Google has issued security updates to address the vulnerabilities, but only devices running Android 13, Android 14, Android 15, or Android 16 are protected. This limitation leaves a large segment of users exposed.

More than 30% of Android phones still operate on Android 12 or older versions, according to platform distribution estimates. That represents nearly one billion devices that are no longer supported and will never receive these critical security patches.

For affected users, there is no workaround. If a device cannot upgrade to a newer Android version, it remains vulnerable indefinitely.

Update Delays Increase Risk Even on Supported Phones


Even users with newer Android devices are not fully protected immediately. Android updates do not reach phones at the same time. Manufacturers must first adapt Google’s fixes for their hardware, a process that can take weeks or even months.

During this delay, devices remain exposed to known exploits.

User behavior also plays a role. Many people postpone installing updates due to inconvenience, fear of bugs, or performance concerns. Security experts warn that unpatched phones are significantly easier to compromise.

Fragmented Update System Creates Security Gaps


Android’s update structure adds another layer of complexity. Some security fixes are released in stages. Initial patches may address surface-level issues, while deeper system fixes depend on manufacturers and chipset providers.

Google also distributes updates through Play system updates, designed to protect core Android components. However, these updates can be delayed or inconsistently rolled out across devices. Even premium phone owners, including some Samsung users, have experienced long delays.

Apple’s Update Model Highlights the Difference


The situation contrasts sharply with Apple’s iPhone ecosystem. Apple controls both hardware and software updates, allowing it to push security fixes to all supported devices simultaneously. As a result, most iPhones run current software versions, reducing long-term exposure to known threats.

Huawei Phones Use a Separate Software Ecosystem From Google Android


Huawei devices operate within a different ecosystem that may limit exposure to some Android-based attacks. Newer Huawei smartphones do not rely on Google Mobile Services and instead use HarmonyOS, along with Huawei’s own security framework and AppGallery ecosystem. Because many Android exploits are designed specifically to target Google services or widely used Android components, Huawei’s separate software stack can reduce the attack surface for certain threat types.

Experts Warn Attacks Could Escalate Quickly


Cybersecurity analysts warn that the current Android attacks may expand rapidly. Once exploit tools circulate among attackers, unsupported devices become the easiest targets.

Outdated phones are especially attractive because attackers know they will never be patched, making them ideal for long-term exploitation.

Calls Grow for Extended Android Security Support


The situation has reignited debate over Android’s support lifecycle. Some experts suggest introducing an extended security update model, similar to Microsoft’s approach for older Windows versions, to reduce large-scale risk.

For now, responsibility falls largely on users.

What Android Users Should Do Now


Check your Android version immediately

Install all available updates without delay

Avoid suspicious links, messages, and downloads

Consider upgrading if your device no longer receives security patches

As Android attacks grow more advanced, unsupported devices are increasingly defenseless. For millions of users, protection has already ended — and the risks are only increasing.
