Google has moved to fix the problem by changing things in Android 10 so some parts of the OS can be updated via the Play Store. But many phones are still running older versions of Android simply because device manufacturers have been slow to make those updates available.

The major version upgrades are one thing, and are what everyone tends to talk about, but what’s worrying is that security updates simply aren’t available for millions upon millions of older phones.

Google pushes out security updates each month, but that doesn’t mean your Android phone has the latest patches. Far from it. Even flagship phones from the biggest manufacturers don’t get these updates on a monthly basis.

Consumer watchdog Which? found that many phones available to buy today are already ‘out of support’, meaning they won’t receive any more security updates. And this leaves them vulnerable to hackers who can use any unpatched security holes to steal personal data.

As many as two in five Android devices still in use today no longer receive updates – those running Android 6.0 or earlier. Plus, none of the security updates issues in 2019 did anything for phones running Android versions older than 7.0.

Which? bought several three-year-old phones and discovered they could all be infected by the Joker malware as well as Bluefrag which affects Bluetooth.

Google promises three years of updates for Pixel phones, but even that isn’t long enough for security updates. The biggest problem is that there’s no way of knowing when your phone stops receiving security updates, which is why people are totally unaware they may be using vulnerable phones and putting their data at risk.

And with hackers focusing on Android, it’s only a matter of time before those vulnerabilities are exploited.

One way you can help to protect your data is to run good security software on your phone, but if it’s running a version of Android earlier than 8.0, check if an update is available and – if not – consider moving to a device with a newer version.