
Samsung, Pixel and Android update warning – 500 million phones are now “vulnerable to attack”


Google has now released details of October’s Android security update, warning that the “most serious” of seven high-severity vulnerabilities “could lead to remote code execution without requiring additional execution rights.” Additionally, there are a number of highly serious fixes for third-party components that put devices at risk.

As usual, the situation is more straightforward for Pixel owners than for other OEMs, and that’s especially true for Samsung users who are still suffering from the surprise Android 15 delay that was suddenly confirmed last week. Samsung has also released details of its own October security update, which fortunately now includes fixes for two critical Qualcomm vulnerabilities that were delayed compared to September’s Android update.

Of course, not all Pixel and Samsung devices are eligible for updates, and you should check to make sure you’re still receiving these important updates. You can do this here for Pixel and Samsung, the latter of which also specifies whether these updates occur monthly, quarterly or even semi-annually. Suffice it to say, if you don’t have monthly updates, your device will be at risk for a long time.


The duration of support entitlement has become something of a competition between Google and Samsung and is now significantly longer than before. Seven years has become the new standard for flagships, which will likely outlast the life of the device, especially as annual AI performance updates become the norm and some of these features make their way into budget phones.

Samsung is even expanding support for budget devices: the new Galaxy A16 5G, launched to compete with low-end Chinese devices, has six years of support – unprecedented at this level. “If you buy the Galaxy A16 5G,” says Android Authority, “you can expect updates by October 2030. If you weren’t convinced that Samsung is the king of software updates, we hope you are now.”

But extended support is a new shift for Android, and there are still a shocking number of devices that have fallen out of support, which was easy to do with just three or four years of support eligibility. Zimperium’s Global Mobile Threat Report, released two weeks ago, warns that a staggering 14% of Android devices used in enterprises “cannot be updated, leaving them vulnerable to exploitation.” For iPhones, the number is significantly lower at just 1% at risk.

That is the enterprise risk, but Zimperium also reports a higher 18% share of Android devices now running versions of the operating system that can no longer be updated, which is broadly the same for the iPhone. Given the much more open nature of Android, the risks are higher – especially when looking back several years. And while Google’s various service updates still protect devices to some degree, the risks are very high.

ESET’s Jake Moore warns that “outdated operating systems can be vulnerable to attacks as criminals look for vulnerabilities that go unpatched and target people’s data. If phones and tablets are left without patch management, they miss out on the latest security updates. They may be safe in the first few weeks or even months after their support ends, but over time, even if the devices appear healthy, they could still easily become targets of newly discovered vulnerabilities.”

The statistics suggest that at least 500 million Android devices are now at risk, running operating system versions that are no longer eligible for support. According to StatCounter, almost 34% of devices are running Android 14 and 20% are running Android 13, but one in five are still using Android 11 or 12, and an alarming 4% are still running Android 9, which Google stopped supporting in 2021. Android 10 reached end of life in 2023 and Android 11 in February this year.

Overall, this means that around 25% of Android devices are running outdated operating system versions, up to 750 million out of 3 billion phones. As dire as this situation is, it strangely represents an improvement over the more than one billion devices that were reportedly unsupported in 2020, which accounted for a shocking 40%, or two out of every five devices in use at the time.


Not only do you need to ensure that your device is eligible for support, but also that it receives these updates when they are released. “It’s important to ensure that devices are set to automatically update their operating system,” says Moore, “but when these devices reach the end of their life, it’s worth considering purchasing a newer phone or tablet that offers the latest and most secure features and updates to stay protected from the latest threats.”

Compared to Apple’s “all at once” approach to iOS updates, the situation with Android is more complex, as updates are delivered by OEM, model, region and network and are distributed throughout the month. Reports are still coming in that Samsung devices are only just starting to receive the September updates, where critical updates – as detailed above – were delayed by a month.

It’s been a dangerous year for Android, with multiple warnings that critical security threats had triggered attacks in the wild and emergency patches. Don’t take the risk, especially in a world where you can now get a cheap device with years of support.
