A research firm called Which? has poured through Google data and claims that two out of every five Android users around the world are no longer receiving vital security updates from Google. That means that 40 percent of all Android devices globally are at risk of data theft, ransomware, and other malware attacks that could lead to stolen data or money. Which? has also added warnings to reviews of potentially impacted smartphones on its website, and not all of the devices are "necessarily old," according to the company. Many of the models that are no longer receiving security updates are still available to buy online, leading to the question of do consumers know that there is a security risk. Researchers at the company took a selection of impacted devices, including phones and tablets, into the lab, and many of them can be easily exploited by a range of malware and other threats. Devices were tested from Motorola, Samsung, Sony, and LG/Google and were found to be vulnerable to hacks. Some of the attacks allowed personal information to be stolen or a hacker to take complete control over the phone, while others opened the user up to a potential for large bills for services that the owner didn't use. Which? says that anyone using an Android device released around 2012 or earlier needs to be particularly concerned; popular devices from that era include the Samsung Galaxy S3 and Sony Xperia S, among others.

Users on devices running Android 4 or earlier are urged to "seriously consider" whether it's worth the risk of using the device at all. Tips for users on devices of all types include being careful what you download, watching what you click on, backing up data, and installing a quality mobile antivirus platform.