Millions of Android users open to attacks due to old versions of OS, FBI warns

Android has become a “primary” target for malware, and nearly half its users are open to attacks due to running old versions of the OS, according to an internal bulletin reportedly from the Department of Homeland Security and the FBI.

The report, found by the website Public Intelligence, highlights an industry figure stating that 44% of Android users still run versions 2.3.3 through 2.3.7 of Android, known as “Gingerbread”. These versions have known security vulnerabilities, and the bulletin warns that federal, state and local authority workers need to ensure that devices are patched.
“Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture,” the report says. “Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions.”
“The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date. The following are some known security threats to mobile OS and mitigation steps.”
ESET Senior Research Fellow Righard J. Zwienenberg wrote in a blog post earlier this year, “The biggest problem for consumers is the enormous number of old phones running Android that are still in use, for which the operators will not release a new version. Many phones still run the very popular, but outdated, Gingerbread Android platform. Regardless of whether Google releases patches for these  versions, the phones will remain vulnerable.”
Worldwide, the number of vulnerable devices could be hundreds of millions, as Android has an 80% market share in mobile devices, according to Business Insider.
The security of Android has been highlighted this year after vulnerabilities such as the “master key” uncovered by Bluebox Labs, which the researchers claimed could affect up to 900 million devices running Android and be used by cybercriminals to “fool” devices into accepting malicious apps.