
Google Warns Android Users: Outdated Phones Are Increasingly Vulnerable

Google is sounding the alarm for Android owners, warning that outdated phones and unsafe apps are leaving millions of people exposed to serious attacks. The company is urging users to install the latest security updates immediately or, if their devices are too old to receive them, to consider moving on from those handsets altogether. At stake is not just performance or convenience, but whether your everyday phone can be quietly hijacked, monitored, or locked for ransom.

The warning lands at a moment when attackers are aggressively targeting older Android versions and tricking users with apps that look legitimate but can later push harmful updates. With nearly 40 per cent of old Android phones now considered unsafe, the gap between those who update promptly and those who ignore alerts is becoming a clear dividing line between relatively secure users and easy targets.

Why Google is warning Android users now

Google is not issuing this alert lightly. According to the company, a large number of smartphones are now at risk from malicious apps that initially appear harmless, then later download or receive dangerous code once they are installed. Reporting on the warning notes that Google has issued notice that some apps can later push harmful updates, turning what looked like a useful tool into a backdoor for attackers. I see this as a shift from one-off malware downloads to a more patient strategy, where criminals wait until an app has built trust before flipping the switch.

The broader concern is that millions of devices are still running outdated Android versions that no longer receive critical patches. In its public messaging, Google and Android security teams have framed the current situation as a critical moment for users to take updates seriously, not as optional extras. When I look at the pattern of recent advisories, the message is clear: if your phone cannot keep up with the current security baseline, it is not just old, it is unsafe by design.

Forty per cent of old Android phones are now unsafe

The scale of the problem is stark. As of now, nearly 40 per cent of old Android phones worldwide are considered unsafe, a figure that should make any user pause before dismissing that next update notification. Cybersecurity researchers have warned that these older devices are particularly vulnerable to apps that are being promoted aggressively through ads and social media, then later used to push harmful updates. In practical terms, that means a budget handset from several years ago, still running an outdated system, can be turned into a surveillance device or a bot in a criminal network with very little effort from the attacker.

Google has gone further, warning that many devices simply cannot get the latest protections at all. The company has advised that if your phone cannot update to Android 13 or newer, you should think about replacing it, because it cannot get the latest updates that block current malware campaigns. In its guidance, Google has warned that many older phones fall into this category, leaving roughly 40 per cent of Android handsets exposed to new malware. From my perspective, that is not a scare tactic, it is a blunt acknowledgment that the Android ecosystem still includes a huge tail of unsupported devices that are now soft targets.
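To check a handset against the Android 13 cut-off described above, the script below (an added example, not code from Google or the original article) reads captured `adb shell getprop` output and reports whether the device is below API level 33 or behind a chosen security patch level. The function names, the `BASELINE` value and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device from captured `adb shell getprop` output.
MIN_SDK=33              # Android 13 is API level 33
BASELINE=2026-02-01     # assumed baseline patch level; set to your own policy

# prop_value NAME: read a getprop dump on stdin, print the value of NAME.
prop_value() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# assess_device DUMP [BASELINE]: print a one-line verdict for the device.
assess_device() {
    sdk=$(printf '%s\n' "$1" | prop_value ro.build.version.sdk)
    patch=$(printf '%s\n' "$1" | prop_value ro.build.version.security_patch)
    base=${2:-$BASELINE}
    case $sdk in
        ''|*[!0-9]*) echo "UNKNOWN: no API level reported"; return 0 ;;
    esac
    if [ "$sdk" -lt "$MIN_SDK" ]; then
        echo "BELOW_ANDROID_13: API $sdk is below API $MIN_SDK; update or replace"
        return 0
    fi
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN: no security patch level reported"; return 0 ;;
    esac
    # ISO dates order correctly as integers once the hyphens are removed.
    if [ "$(echo "$patch" | tr -d '-')" -lt "$(echo "$base" | tr -d '-')" ]; then
        echo "UPDATE: patch level $patch is older than $base"
        return 0
    fi
    echo "OK: API $sdk, patch level $patch"
}

# Constructed sample dumps (not taken from real devices).
OLD_PHONE='[ro.build.version.release]: [11]
[ro.build.version.sdk]: [30]
[ro.build.version.security_patch]: [2022-08-05]'
STALE_PHONE='[ro.build.version.sdk]: [34]
[ro.build.version.security_patch]: [2025-06-01]'
CURRENT_PHONE='[ro.build.version.sdk]: [36]
[ro.build.version.security_patch]: [2026-02-05]'

for d in "$OLD_PHONE" "$STALE_PHONE" "$CURRENT_PHONE"; do assess_device "$d"; done
```

On a connected device, `assess_device "$(adb shell getprop)"` runs the same check against live properties.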

What the latest Android and Pixel security bulletins fix

Behind the public warnings sits a dense list of technical fixes that quietly close off real attack paths. The latest Android Security Bulletin details multiple vulnerabilities across the operating system, including issues in the framework, system components, and hardware-specific code that could allow remote code execution or privilege escalation. When I read through these bulletins, what stands out is how many of the flaws could be chained together, letting an attacker move from a malicious app to deeper control of the device without the user ever realizing something is wrong.

Google has also published a dedicated Pixel bulletin that focuses on security vulnerabilities and functional improvements affecting supported Pixel devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements that are addressed in the February 2026 Android Security Bulletin, which means Pixel owners who install the update are effectively getting a bundled fix for both core Android issues and Pixel-specific bugs. For users, the takeaway is simple: if your phone is on the supported list, the update is not just a performance tweak, it is a direct response to known security holes that attackers could already be probing.

Which phones are getting fixes, and which are left behind

Not every Android phone is treated equally when it comes to updates, and that gap is becoming more visible as Google tightens its security posture. For Pixel owners, the company has confirmed that All supported Pixel 16 will receive the February 2026 software update, which includes the latest security patches. A separate rundown of supported models notes that if you are wondering whether your Pixel is on the list, there is now a clear roster of devices that are still in line for regular fixes. In practice, that means recent phones like the Pixel 8 series are covered, while much older models have aged out of guaranteed support.

Other manufacturers are also pushing their own patches, particularly for high-end devices. Samsung, for example, maintains a dedicated security update portal that tracks firmware fixes for its phones. Within that, a specific advisory notes that SVE-2025-1140 (CVE-2026-20977) affects Android 14, 15 and 16. It describes an issue with improper authorization in KnoxGuardManager, and its disclosure status is listed as privately disclosed. The fact that such a deep system component needed a fix underlines why relying on an unpatched device is so risky: even features designed to protect the phone, like KnoxGuard, can themselves become attack surfaces if they are not kept current.

How attackers are exploiting unsafe apps and outdated phones

The current wave of threats is not limited to technical vulnerabilities in the operating system. Cybercriminals are also leaning heavily on social engineering, using slick marketing and fake reviews to push apps that look useful, then later weaponizing them. Reports on the latest alert describe how Android users are being urged to delete apps that can later push harmful updates, precisely because these apps can slip through initial checks and only reveal their true behavior after they have been widely installed. From my vantage point, this is a reminder that even the best platform-level security cannot fully protect users who are persuaded to install the wrong software.

Cybersecurity experts have warned that these malicious apps are being promoted aggressively, often with promises of free VPNs, photo filters, or system cleaners that claim to speed up older phones. In parallel, cybersecurity researchers have stressed that users who ignore warnings about these apps, or who keep installing software from untrusted sources on already outdated phones, are putting themselves at particular risk. When I connect that with Google’s own data on unsupported devices, it paints a picture of attackers deliberately targeting the least protected slice of the Android base, where both the operating system and the user’s habits work in their favor.
