No one is updating their Android devices, new data shows

"Patch early and often?" Not so much.
Android updates
(Flickr user <a href="">Larry Qian</a>

It’s typically good advice to patch early and often. What’s said less often is that most of the time it just isn’t happening.

Duo Security has new data to back that up: The company released a study Wednesday finding 90 percent of over 10.7 million Android devices across the U.S. and Western Europe are running outdated versions of the operating system. Additionally, only 8 percent of Android phones ran the latest security patch, according to the report.

It’s a significant gap that’s due in large part to Android’s enormous, fractured ecosystem. Users often receive updates haphazardly through their carriers or phone manufacturers, and that’s if they get them at all. Attackers often take advantage of this, with new malware frequently popping up that preys on old Android models.

Even as Android’s competitor Apple is doling out patches through its App Store, there is a significant gap in users updating to the latest version of iOS. Duo found that 56 percent of iOS devices are running old versions of the software.


The out-of-date software problems aren’t solely confined to mobile devices. Duo found that computers are often behind on operating systems as well: Seventy-four percent of MacOS and 85 percent of ChromeOS machines were not running the latest software.

The number is for ChromeOS is peculiar, given that machines running Google’s system auto-update on every restart. But for ChromeOS, widely hailed as one of the most secure computing environments available today, the numbers don’t necessarily tell the whole story.

“Because Chrome updates more frequently than other operating systems, its users may be technically out-of-date, but they’re likely only a couple of weeks behind, as compared to potentially being many months out-of-date on other platform,” said Kyle Lady, an engineer at Duo Security. “In this case, an out-of-date OS doesn’t necessarily determine if it is ‘less safe’ compared to others, given that the security model of ChromeOS means it is likely safer while out-of-date, especially since it’ll get an update ready for whenever the next reboot happens.”

Latest Podcasts