Summary: Google has confirmed that over 40% of all active Android devices—more than one billion phones—are no longer receiving critical security updates. Devices running Android 12 or older are now permanently vulnerable to new malware and spyware strains, as manufacturers end support for legacy hardware.
Business Impact: High “Shadow IT” Risk. Many employees use personal older phones for work (BYOD). These devices are now gateways for credential theft and corporate data exfiltration. In Bahrain, where legacy devices are common in the workforce, this poses a direct threat to enterprise perimeters.
Why It Happened: The natural “end-of-life” cycle for mobile hardware has hit a massive bottleneck. Phones introduced before 2021 lack the hardware security modules required for modern Android versions, leaving a billion-user gap for attackers to exploit.
Recommended Executive Action: Update your BYOD policy to mandate Android 13 or newer for any device accessing corporate email or VPNs. Conduct an audit of “Work Profile” enrollments to identify and phase out unsupported hardware.
Hashtags: #AndroidSecurity #MobileRisk #GoogleAlert #CyberHygiene #BYOD #LegacyTech