British consumer watchdog Which? has found that 40 per cent of Android users have been using old versions of the Google-made OS that no longer receive vital updates, TechRadar reports. The most at-risk phones are any that run Android 4 or older Android 4 was issued in 2012); however, the problem extends up to devices running the Android 7 operating system (Android 7 was issued in 2019). The approximate 40 percent figure is because, Google told the BBC, 42.1 percent of Android users worldwide are on version 6.0 of its operating system or below. The current Android operating system is version 10.
READ MORE: Haken malware discovered on Google Play Store
As reported on ZDNet, the U.K. consumer rights group purchased several three-year-old Android devices (running Android 7.0). Using hackers, it was found that each device could easily be infected with malware. The malware used was Joker (alternatively called Bread) and a different infection called Bluefrag, which is a critical vulnerability that focuses on the Bluetooth component of Android.
Looking at the issues for Digital Journal, Will La Sala, Sr. Director of Global Solutions at OneSpan says: “These are worrying finds, and further highlights that mobile devices are untrusted and potentially hostile environments.”
In terms of Android versions, La Sala says: “Although the recent launch of Android 10 introduced updated security features, many consumers aren’t able to access them because their carrier or device manufacturer will not distribute the updated OS. It’s not surprising to see that Google’s own data shows that 42.1 percent of Android users globally are on version 6 or below.”
He adds that: “Indeed, 9 months after its release, only 10.4% of Android users had installed version 9.”
In terms of the significance stemming from the vulnerability, La Sala notes: “For mobile developers, it’s clear that they can’t depend solely on the security of the operating systems or manufacturers’ device to secure their apps. Security features must be baked into the app development process from the start and developers must operate under the assumption that their apps will be installed on and launched on some number of insecure devices.”
In terms of preventative measures, La Sala recommends: “Technologies such as application shielding will help applications remain secure even when there are holes in the platform. Application shielding can harden the application by securing the way it is deployed to application stores, and strengthening the way the platform interacts with the application.”
