If you have an ancient device that isn’t receiving any more updates, then the odds are good that someone, somewhere, is going to find and exploit a vulnerability in it that nobody is interested or able to fix anymore. This is why we preach that you should always keep your wifi router updated with the latest firmware, and the same goes for your old-school Android phone—especially with the news that more than 1 billion older Android devices aren’t receiving security updates anymore.
The report from Which? claims that two out of every five Android users worldwide no longer receive security updates for their older Android devices. And while this might sound like something you can just brush off, since who cares about old devices anyway, it’s apparently not that difficult to take advantage of these gaping security holes. As Which? describes:
In other words, if you’re using a version of Android earlier than Android 8, you aren’t getting regular security updates anymore. And even if you’re staying as up to date as possible on an older version of the Android OS, there’s still a chance that there won’t be enough security protections in place to protect you from more sophisticated malware.
Update your device (as much as you can)
What can you do? First off, make sure you’ve updated your device to as current of an operating system as it can handle. If you’re not sure how to, then visiting your device’s Settings app, then tapping on System > Advanced > System Update is a good start. (The specific route you take might vary based on your device.)
Get antivirus protection
If you’ve updated as much as you can, and you want to stick with your device, install a solid third-party antivirus/antimalware application. It feels like overkill for most people, I know, but you’re going to want as much protection as you can get if your operating system isn’t receiving many (or any) frequent updates. (And even if it is, again, your older OS still might have unpatched vulnerabilities.) Downloading a solid ad blocker that can protect against scammy domains wouldn’t hurt, too.
I generally think that most people don’t need an Android antivirus app, especially if you aren’t downloading sketchy-sounding apps or, worse, sideloading apps onto your device. Still, if you’re stuck on an older version of Android, every little bit helps. And please stick to Google Play Store apps that don’t have weird-sounding names, reviews, or made-up descriptions.
Switch to a third-party OS
Beyond that, you might want to consider abandoning “stock” Android entirely and switching to a third-party OS, like LineageOS. I can’t promise that you’ll never face another security issue or vulnerability, but at least you’ll receive regular security updates that should hopefully give you a bit more protection than you’d otherwise have on your aging, not-updated operating system.
Or just get a new phone
Finally, consider abandoning your old device. You can get a decent, budget Android phone (running Android 10) for around $200. Bumping up to a more modern phone or tablet that’s at least somewhat more protected from issues—even though Motorola, in this example, is notoriously slow for launching major Android updates—wouldn’t kill you, nor your bank account. I’d rather have the extra speed, newer features, and stronger security.