Android phones and tablets wear out — just not like the tires on your car or the soles of your shoes. Older Android phones simply use obsolete operating systems that your phone-carrier or tablet-maker no longer supports.

If your Android no longer receives updates, it doesn’t have the latest security patches to protect it from malware. Malware is a general term that refers to various forms of hostile or intrusive software. Malware lets cybercriminals control your devices and steal personal information.

The third quarter 2015 Mobile Malware Report released by security firm G DATA revealed that more than 80 percent of Android users worldwide are using outdated software, versions that have known security holes.

Mobile security researchers reported that more than 6,400 new instances of malware target Android devices daily. For Android users who bank and host other sensitive information on their phones and tablets, that’s frightening.

The report’s findings are based on a survey G DATA conducted in October 2015 among users of the company’s security solutions for Android devices. The results do not include the Android 6 Marshmallow version, as it had not been widely adopted.

Invite Attackers In

G Data engineers researched the new malware attacking Android devices each quarter and discovered that many people using dated versions of the operating system. In case you skipped the unassigned reading, the latest release from Google’s Android operating system is version 6.0.1 released in October of 2015, known as Marshmallow. More recent versions that may not have been delivered to users include Lollipop 5.0 to 5.1.1, KitKat versions 4.4–4.4.4 and 4.4W–4.4W.2, Jelly Bean versions 4.1 to 4.3.1 and Ice Cream Sandwich versions 4.0 to 4.0.4.

Earlier versions date back to 2009 with names such as Honeycomb, Gingerbread, Froyo, Eclair, Donut and Cupcake. Almost 12 percent of current Android OS users still are running Froyo and Gingerbread, which are about five years old.

Know Your Device Version

If you don’t know which version you’re operating, go to Settings/About device/ and look for the label Android version.

You will see a number that corresponds with the list above; the cutesy names that Google assigns to each version are not included.

The primary reason for the outdated versions is attributable to the long delays inherent in receiving updates from phone vendors and mobile service providers. Another cause is that older devices can’t receive OS updates.

Andy Hayter, a security evangelist for G Data, is concerned about how many users are vulnerable to intrusion, particularly those running older operating systems: “This opens up a huge attack surface of users with holes and vulnerabilities in their operating system just waiting to be hit. With the continued growth in malware instances that the researchers also found, this is certainly a cause for concern and something consumers should really take seriously.”

What Lies Ahead

G DATA’s report found that the number of malware samples by the end of the third quarter of 2015 already included more malware instances (1,575,644) than in all of 2014 (1,548,129). In the third quarter alone, 574,706 different malware strains were found. This is an increase of 50% over the same period last year.

The G DATA malware report issued a sobering forecast for users and consumers who want to keep their aging Android devices in service:

  • Android as a gateway for the Internet of Things: From fitness apps to vehicles, more and more devices are networked together and can be linked to a smartphone or tablet. Such applications and the Android operating system are becoming more popular among cyber criminals, as they can offer a route for attack.
  • More smartphones with pre-installed malware: More and more smartphones and tablets come pre-loaded with manipulated firmware.
  • Complex malware for online banking fraud: G DATA security experts expect to see an increase in complex malware that combines Windows and Android attack campaigns on online banking customers.

What You Can Do

Hayter recommends installing an anti-malware product on your mobile devices regardless of their OS version. Most mobile malware can be detected and stopped dead in its tracks with an up-to-date mobile antimalware solution.

“If you are going to connect from a free wireless access point, it would be a good idea to have a VPN (Virtual Private Network) installed and active on your mobile device,” says Hayter, adding that you should add this security feature regardless of your current operating system. “This is especially necessary if your mobile device is a laptop computer. Having the latest patches applied will go a long way towards preventing malware from taking advantage of a vulnerability in the operating system.”

Two more things can help keep your mobile devices out of harm’s way. One is restricting your sources of software. Hayter advises customers to download safely, “preferably from the Google Play store, Apple App Store or directly from a trusted application provider.”

Also, frequently check for updates to your apps. An update provides improved function and performance, while also fixing malware vulnerabilities.