• New vulnerabilities threaten old Android phones
• Billion devices out of security update coverage

Google has issued an urgent security warning about the exploitation of two critical flaws in the Android system, exposing smartphone users to major risks, especially as security updates are available only for some recent versions of the system, leaving over a billion older devices unprotected.

The company said the two vulnerabilities could be exploited in a limited and targeted way, noting that the first allows exposure of sensitive system data, while the second grants the attacker higher privileges than they should have on the device, enabling malicious apps to bypass some security restrictions.

Google clarified that patches have been issued for devices running Android 13, 14, 15, and 16, while no solutions exist for older devices running version 12 or earlier, representing about 30% of devices still in use, leaving their owners at continuous risk of cyberattacks.

Security experts warned that a large portion of mobile devices worldwide run outdated operating systems, noting that exploitation of these vulnerabilities could spread rapidly and become a target for many hackers, despite the current attacks being limited.

Google added that recent updates include improvements to data protection and privacy, a new system to alert users when apps fail Play Protect checks, and options to manage data collection and usage within Google Play accounts.

Experts called for a review of Android update support and an extension of protection for older devices.