Google is implementing tougher Android security requirements, leaving an estimated 750 million smartphones at risk of losing major protections unless users upgrade to newer devices. The crackdown primarily affects phones running Android 12 or older, which no longer receive security patches or compliance updates from Google.
That figure over 25% of active Android devices worldwide represents hundreds of millions of users who will soon lose access to essential safety measures as Google tightens its defences against malware and data breaches.
Why Older Phones Are at Risk
The key changes revolve around the Play Integrity API, a new layer of app verification requiring both hardware and software compliance. This system ensures that apps handling sensitive data, such as banking, email, or digital wallets, can only run on secure, updated devices.
Phones lacking these protections may see crucial apps stop functioning correctly or lose access altogether. Users who continue using outdated operating systems will face increased exposure to spyware, phishing apps, and data-stealing exploits that target unpatched vulnerabilities.
Additionally, Google is restricting sideloading apps from untrusted sources and enforcing stricter permission checks for apps that seek access to device sensors, storage, or contacts. Apps will now verify a phone’s integrity before enabling secure features, and unsupported models will likely fail those checks.
Android’s Flexibility Becomes Its Weakness
Older Android versions gave users more freedom to install apps outside official stores, but this openness also created security blind spots. Google’s new approach aims for consistency and accountability across its ecosystem. However, it also means many legacy models will no longer meet modern compliance standards.
For millions of users especially in regions where older phones remain popular this shift presents a dilemma: upgrade or risk exposure. Devices that can’t support Android 13 or higher will miss future protections tied to encryption, sandboxing, and secure boot mechanisms.
Cybersecurity Implications in Kenya
In Kenya, where mobile money services like M-PESA dominate digital transactions, cybersecurity experts warn that outdated Android phones have already become prime targets for attackers. Phishing apps disguised as legitimate banking tools or fake system updates are increasingly used to steal personal and financial data.
Reports from the Communications Authority of Kenya show millions of cyber threat attempts every quarter, many directed at unpatched Android devices. Analysts caution that Google’s latest enforcement may widen the gap between users with secure, modern phones and those relying on budget or legacy handsets.
A Push Toward Safer Ecosystems
Google’s new measures are part of a broader campaign to standardize Android security across manufacturers and regions. By limiting outdated software’s access to high-risk apps, the company hopes to curb fraud, identity theft, and the spread of malicious apps.
While the move may inconvenience millions of users, especially in developing markets, it underscores an unavoidable reality of mobile security: protection depends on updates.
For Android users still holding onto older models, the message is clear. If your phone no longer receives system or security updates, it’s time to consider upgrading. Newer devices will benefit from safer apps, improved privacy controls, and stronger defences a necessary step in an era where mobile threats evolve faster than ever.
READ MORE: Airtel Kenya Offers Free Access to Education Cloud and Elimika
