Old Android phones in the market are posing a security risk. Of the two billion active Android devices in the market, close to half are two years out of date, according an analysis by Dan Luu, senior engineer at Microsoft, using data scraped from devices that visited the Google Play Store.
Android releases are demonstrating slower uptake in the market than in the past, and possible reasons are slower Android growth, slower device turnover and fewer device updates, according to Luu. Google's newest Android release only supports devices back to the Nexus 6P, which was released in September 2015. Older phones and devices that have not been updated with the newest OS are missing many security patches.
With more devices out of date, it is harder for developers "to target 'new' Android API features," said Luu. The latest Android release holds less than 1% of the Android market share, compared to nearly 50% for the iOS 11, Apple's most recent release, across iPhones. The newest iOS also works on devices as old as the 5S, which was released in September 2013.
Mobile phones already account for 70% of internet traffic, and this number is expected to rise to 80% by 2019. The expansion of mobile phones, among other IoT devices, in corporate networks is already straining companies' infrastructure and forcing decision makers to reevaluate bandwidth load and network security.
More companies are setting up BYOD policies or giving employees mobile devices. A mobile workforce is a flexible workforce, yet around half of workers reportedly go outside apps provided by their company. At any given time an employee is likely to have anywhere from five to nine apps open, and the majority express a desire for a single portal to boost productivity.
The global app economy is expected to exceed $6 trillion. But with outdated operating systems, developers have to consider how their software will run on old or outdated devices and accept that their app will only hit a fraction of the targeted phone base.
But old devices pose a significant security threat to PII and corporate data. In the face of upcoming regulatory changes, companies may need to reevaluate mobile device security and policies to avoid financial repercussions under GDPR.