Half of Mobile Devices Run Outdated Operating Systems
Half of all mobile devices are running outdated operating systems, leaving them highly vulnerable to cyber-attacks, according to new research.
The figure comes from the 2025 Global Mobile Threat Report by Zimperium, which also highlights a surge in mobile-targeted attacks and app vulnerabilities, as threat actors increasingly exploit the widespread use of smartphones in corporate environments.
Smishing – phishing attacks conducted via SMS – has grown significantly and now accounts for 69.3% of all mobile phishing incidents. Meanwhile, vishing and smishing attacks rose by 28% and 22% overall, respectively.
“The rise of sophisticated and large-scale mobile phishing campaigns reflects the evolving threat landscape,” said Darren Guccione, CEO of Keeper Security.
“Cybercriminals are leveraging phishing pages that appear official to exploit users’ trust.”
The report outlined several critical elements impacting mobile device security, including:
- 50% of mobile devices are running on outdated operating systems
- More than 25% of mobile devices cannot upgrade to the latest OS
- Over 60% of iOS apps and 34% of Android apps lack basic code protection
- Nearly 60% of iOS apps and 43% of Android apps are vulnerable to PII data leakage
Malware remains the dominant tool for attackers, with a 50% year-over-year rise in Trojan usage. New malware families such as Vultur, DroidBot, Errorfather and BlankBot have been identified by researchers.
Mobile App Vulnerabilities Still a Major Threat
Even as awareness of mobile threats rises, mobile app security remains a persistent weak point. Apps downloaded outside official stores are particularly risky, exposing users and organizations to Trojans and data leaks.
“Sideloading bypasses the official app stores’ rigorous vetting processes,” said Jason Soroko, senior fellow at Sectigo.
“[It leaves] devices exposed to malware and unauthorized code.”
Internally developed apps also continue to face serious risks.
“Threat actors find mobile apps appealing because [they] often manage sensitive user data,” commented Eric Schwake, director of cybersecurity strategy at Salt Security.
Design flaws, insecure APIs and weak security measures were cited as major contributing factors to ongoing vulnerabilities.
To protect against threats like these, organizations and individuals are encouraged to adopt real-time mobile threat detection, ensure regular updates and patch management, and implement comprehensive security frameworks such as zero-trust models.