More than a billion Android devices are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, according to a study from Which?
Which? used data from Google to establish that 40 per cent of Android users worldwide are no longer receiving security updates from Google, potentially putting them at risk of data theft, ransom demands and a range of other malware attacks that could leave them facing bills for hundreds of pounds.
Which? took a selection of affected phones and tablets into its labs, including handsets still available to buy, and found they could easily be hit by a range of malware and other threats. Phones tested included models from Samsung, Motorola, Sony and LG/Google.
The tests Which? conducted found vulnerability to hacks that would enable the hacker to steal personal information; take complete control over the phone; or run up large bills for services that the phone owner hasn’t used.
Recently out-of-support devices won’t immediately have problems, but without security updates, the risk to the user of being hacked goes up exponentially. Generally speaking, the older the phone, the greater the risk, Which? said.
The magazine said that anyone using an Android phone released around 2012 or earlier – including popular models like the Samsung Galaxy S3 and Sony Xperia S – should be especially concerned, since it’s likely they will be running a version of Android that does not include a variety of security enhancements that Google has been rolling out since.
Which? shared its findings with Google and asked the company how many UK users are likely to be affected, but Google declined to respond. Which? estimates, however, that there could potentially be millions of old unsupported Android devices still in use in the UK. Which? is calling for more transparency around how long updates for smart devices will be provided so consumers can make informed buying decisions.
“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers,” said Which? Computing editor, Kate Bevan. “Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.
"The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices – and their impact on consumers.”