Overview
- Android 12 and earlier no longer receive critical security patches, placing more than one billion devices outside Google's protection window.
- Fresh distribution data shows slow migration to supported releases: Android 16 at 7.5%, Android 15 at 19.3%, Android 14 at 17.9%, and Android 13 at 13.9%.
- Google confirms active spyware operations are exploiting vulnerabilities in unsupported phones, heightening the immediate risk to users' data.
- Google recommends moving to a device that can run Android 13 or newer, noting that Play Protect helps with malware scanning but does not replace OS security updates.
- The update gap reflects structural issues in the Android ecosystem, with manufacturers controlling support lifecycles and some models—such as Samsung’s Galaxy S21 series—now off security updates.