Google Halts Security Updates for 1 Billion Older Android Devices

Android security updates will cease for over 750 million devices as Google shifts focus to newer operating system versions

Key Takeaways

• 750 million to 1 billion Android devices left vulnerable as Google stops backporting security updates for versions older than Android 13, affecting nearly one-third of all users.
• Chrome security updates discontinued for Android 8 and 9 users, impacting approximately 300 million devices or 10% of the Android user base.
• Android 12 removed from monthly support schedule with Play Integrity API changes creating a security divide between newer and older Android versions.

Introduction

Google has quietly implemented a major shift in its Android security strategy, leaving hundreds of millions of users exposed to potential threats. The tech giant recently ceased backporting security updates for Android versions older than Android 13, effectively abandoning nearly one-third of its global user base.

This decision impacts between 750 million and 1 billion Android devices worldwide. Users now depend entirely on device manufacturers for critical security patches unless they upgrade to newer Android versions.

Key Developments

The policy change represents Google’s most significant security support reduction in years. Android 12 has been removed from the company’s monthly security update schedule, marking a clear departure from previous practices.

Google has simultaneously updated its Play Integrity API, creating a technical barrier between Android 13 and newer versions versus older installations. The API now rates devices running older Android versions as less secure, affecting app compatibility and functionality.

The company has also announced an end to Chrome browser updates for Android 8 and 9 users. While these versions account for approximately 10% of Android users, the broader concern extends to Android 10, 11, and 12 users who face similar vulnerabilities.

Market Impact

The fragmentation creates immediate business challenges for Google and its hardware partners. Support costs increase when maintaining multiple Android versions, while inconsistent security postures complicate enterprise adoption decisions.

Device manufacturers now bear sole responsibility for security updates on affected devices. This shift places additional financial burden on OEMs who must allocate resources to patch older devices while developing new products.

App developers face increased complexity as they navigate varying security standards across Android versions. The fragmentation potentially limits new feature adoption and increases development costs across the ecosystem.

Strategic Insights

Google’s decision reflects broader industry pressure to accelerate security responses while managing platform complexity. The company has shifted to an earlier annual release schedule, launching Android 16 in June 2025 instead of the traditional third-quarter timeline.

The move parallels Microsoft’s approach with Windows 10, where extended support comes with specific requirements and limitations. Both companies face similar challenges balancing security needs with legacy device support.

Enterprise customers may increasingly favor platforms with more unified upgrade policies. Apple’s iOS ecosystem benefits from less fragmentation, creating competitive pressure on Google’s business model.

Expert Opinions and Data

Security researchers have expressed alarm about the timing and scope of the changes. According to Forbes, the decision highlights significant security risks for affected users.

Android Authority has emphasized the urgency for users on Android 12 and 12L to upgrade immediately. The publication notes that manufacturer resources for continued support remain limited, leaving users with few alternatives.

Recent security bulletins demonstrate the ongoing threat landscape. Google patched 60 vulnerabilities in April 2025 alone, including two actively exploited zero-day attacks. Security experts warn that unpatched devices create opportunities for cybercriminals to exploit known vulnerabilities.

Industry analysts point to the persistent fragmentation challenge as Android’s primary weakness compared to competitors. The upgrade deadline miss rate of 30% underscores difficulties in enforcing timely updates across diverse hardware configurations.

Conclusion

Google’s security policy shift creates a clear division in the Android ecosystem between supported and legacy devices. The company prioritizes resources on newer versions while transferring responsibility for older devices to manufacturers.

The change affects fundamental security infrastructure for nearly one billion devices worldwide. Users on affected Android versions face increasing security risks unless they upgrade devices or manufacturers provide independent security patches.