Do you need to change your phone?
There’s a twist to the viral Microsoft news in recent days, as the company suddenly reversed its decision to end free security updates for 700 million Windows 10 users. Without any such fanfare, Google did exactly the same some weeks ago for many more users, most of whom missed the deadline to upgrade their Android phones.
Google’s decision to stop backporting security updates for any OS older than Android 13 has left almost one-third of all users at risk, running devices that only receive critical security updates if the manufacturer does that work instead. That means between 750 million and 1 billion users are vulnerable to all those attacks Google warns about.
This isn’t the only security risk for those users. Google has also changed the Play Integrity API used by developers to check the OS their apps are running on, again drawing a line between Android 13 and newer (good) and Android 12 and older (bad).
Android Distribution Chart (from Google’s servers).
And just days ago we saw Google confirm it is ending Chrome updates (including critical security fixes) for Android 8 and Android 9 users. At 10%, that’s less than half as many as those on Android 10, 11 and 12. But it’s still 300 million users.
Google’s confirmation that Android 12 is falling off its monthly support schedule, and that its Play Integrity API is ramping up, essentially set a deadline for security-minded users to upgrade their phones (assuming an OS upgrade is not possible).
As Android Authority warned at the time: “Still have an old device running Android 12? It’s finally time to upgrade.” While some manufacturers might still backport updates when Google is not, “few have the resources or desire to do this, so if you still have an Android 12 or 12L device, it’s time to upgrade if you value security.”
