Google issued a security warning this week affecting more than one billion Android phones. The company confirmed that 40% of active Android devices no longer receive operating system security patches.
The vulnerability centers on phones running Android 12 or earlier versions. According to distribution data cited by Forbes, only 58% of Android devices worldwide currently run Android 13 or newer software.
Current Android version adoption shows a fragmented market. Android 16 reaches just 7.5% of devices as of December 2025, while Android 15 accounts for 19.3%, Android 14 for 17.2%, and Android 13 for 13.9%.
Phones released before 2021 face the greatest risk, with many unable to upgrade beyond Android 12. This includes former flagship models like Samsung's Galaxy S21 lineup and Google's own Pixel 6 series.
Samsung has confirmed that Galaxy S21, S21 Plus, and S21 Ultra models no longer receive Android updates or security patches. The company also reduced update frequency for Galaxy S22 devices and the Galaxy S21 FE from monthly to quarterly intervals.
Google's Pixel 6 and Pixel 6 Pro, launched in October 2021 as the first Tensor-powered phones, originally reached their final major update with Android 15, but Google extended support in December 2024 to include Android 16 and Android 17. Google originally promised three years of operating system updates for these devices.
Manufacturer support windows vary significantly across the Android ecosystem. Unlike Apple's unified update system for iPhones, Android security patches depend on individual phone manufacturers who frequently end support after two to three years.
Google Play Protect continues to provide malware scanning for devices running Android 7 and newer. However, this application-level protection cannot address vulnerabilities in the operating system itself.
System-level security updates patch fundamental flaws in Android's core architecture. Without these critical fixes, even cautious users face increasing exposure to sophisticated cyber threats.
Recent reports of Google Play system update dates appearing to revert from January 2026 to November 2025 caused user concern. Google clarified this was a display issue rather than a security problem.
Incorrect date labels do not indicate reduced protection or security regression.
Google is developing a fix to ensure update information displays accurately.
Security analysts note that current mid-range phones with active software support now provide better protection than older premium models running outdated software. Continuous security updates have become more important than hardware specifications.
Google advises users to verify their Android version through Settings, then "About Phone," checking the security patch level. Devices stuck on Android 12 or earlier without available upgrades should be replaced.
The security gap highlights Android's fragmented update system where affordable and mid-tier models frequently lose support within two to three years of release. This creates security disparities between users with newer devices and those maintaining older hardware for financial reasons.
Regulatory responses are emerging. The European Union's Ecodesign for Sustainable Products Regulation seeks to mandate minimum software update periods for smartphones as both consumer protection and environmental sustainability measures.
Google and Samsung have expanded support commitments for recent devices. The Pixel 8 series and Galaxy S24 lineup now include seven-year OS and security update guarantees, significantly exceeding previous three to four year windows.
For millions of Galaxy S21 and Pixel 6 owners, the Android 17 exclusion represents more than feature limitations. Banking applications, government services, and healthcare platforms increasingly require minimum Android versions, potentially restricting access to essential services.
This warning highlights the persistent fragmentation of the Android ecosystem, where as of December 2025, only 7.5% of devices run the latest Android 16.
