Introduction
The widespread use of outdated operating systems on mobile devices poses significant security risks. This issue affects both Android and iPhone users, leaving many devices vulnerable to security threats due to the lack of critical updates.
Description
Half of all mobile devices operate on outdated operating systems [1] [2] [3], with over 50% of Android users on unsupported versions [3]. Alarmingly, more than a quarter of these devices are unable to receive critical updates, leaving them exposed to recent security vulnerabilities. Google has ceased security updates for 200 million Android 12 users [3], further contributing to the prevalence of outdated OS versions [3]. This issue also extends to iPhone users [3], who may be using unsupported operating systems. The lack of updates and the presence of outdated firmware create untrusted environments [3], making devices highly susceptible to manipulation and exposing sensitive data [3]. The fragmented mobile landscape [3], characterized by numerous apps and devices [3], increases the risk of data loss [3], fraud [3], and enterprise breaches [3]. Additionally, the adoption of the BYOD (Bring Your Own Device) model exacerbates these risks [1], blurring the lines between work and personal usage [1]. Android users face significant threats from sideloading [3], while iPhone users are particularly vulnerable to mobile-targeted phishing and network interception attacks [3]. This vulnerability is underscored in the 2025 Global Mobile Threat Report by Zimperium [2], which also notes an increase in mobile-targeted attacks and app vulnerabilities as threat actors exploit the widespread use of smartphones in corporate settings [2].
Conclusion
The prevalence of outdated operating systems on mobile devices necessitates urgent attention to mitigate security risks. Users and organizations should prioritize updating devices and implementing robust security measures to protect sensitive data. As mobile threats continue to evolve, staying informed and proactive will be crucial in safeguarding against future vulnerabilities.
References
[1] https://www.24matins.uk/mobile-devices-now-lead-as-the-top-channel-for-corporate-cyberattacks-313706
[2] https://www.infosecurity-magazine.com/news/50-mobile-devices-run-outdated/
[3] https://www.forbes.com/sites/zakdoffman/2025/04/28/do-not-let-your-phone-get-on-this-dangerous-list/
