Millions of Android phones and tablets vulnerable to attack: What to do

(Image credit: Google)

Give yourself a break from KitKat! Tablets and smartphones running Android 4.4 (code name "KitKat") or older are highly susceptible to hacking attacks, according to a report from consumer insights firm Which?.

A staggering 42% of active Android users worldwide are still running Android 6.0 or earlier, which includes Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012), Ice Cream Sandwich (2011) and Gingerbread (2010). 

While Which? is issuing a warning for all Android devices that no longer receive vital security updates from Google (or 40% of Android users worldwide) researchers subtly suggested that KitKat OS devices (and older) should be chucked into the trash (or responsibly recycled) -- and we agree.

"Anyone with a smartphone that runs Android 4 or earlier should seriously consider whether it’s worth the risk to their data and privacy to continue using the device," the Which? report states.

Investigators at Which? tested phones and tablets, and discovered that many were susceptible to an array of malware threats and security vulnerabilities, including identity theft, loss of administrative control and credit-card fraud. 

"It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers," said Kate Bevan, a computing editor at Which?.

In its report, Which? asked Android users to check for updates by navigating to Settings > System > Advanced > System update. If there is no option for updating to a newer version, "there will be an increased risk of using your device going forward -- especially if you are running a version of Android 4 or older," Which? warned.

If you're too stubborn to give up your ancient Android device, Which? offered the following tips to mitigate your vulnerability to security risks:

  • Be wary of downloads. Most security threats come from downloading apps that are outside the Google Play store. If you absolutely must download an app that's not on Google Play, double check that it's official. Manually re-enable the "unknown sources" block in your settings.
  • Watch where you're clicking. Threats can appear in the form of email, SMS or MMS. Don't click on any suspicious looking links, especially from unknown senders.
  • Back up your data. In the event something goes awry, you'll still have your precious data stored elsewhere.
  • Snag an antivirus app. There are various antivirus apps for Android users, but the older your device is, the more limited your options will be.

For Androids users with devices that recently lost support for updates, Which? offered reassurance that the OS won't immediately have issues, but the risk of being hacked does increase. As a rule, the older the phone, the greater the risk.

The Which? concluded its report with a call for device manufacturers to become more transparent about their OS' security vulnerabilities as they become obsolete.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!