A recent report from Zimperium, the 2025 Global Mobile Threat Report, starkly reveals that nearly half of all mobile devices are running outdated operating systems, making them prime targets for cyber-attacks. Mobile security is now becoming a primary concern for enterprises, which can no longer regard it as a secondary risk. According to the findings, one-third of mobile threats are attributed to phishing attacks, a phenomenon termed 'mishing'—mobile phishing. A notable aspect of this rise in phishing incidents is that SMS phishing, labeled as 'smishing', constitutes over two-thirds of phishing activities affecting mobile users. The report underscores how attackers are employing sophisticated methods, including the use of malicious PDF files to sneak in phishing links and exploit users' trust.
The report indicates that despite growing awareness about these threats, many organizations remain vulnerable due to insecure mobile app usage. A staggering 25% of enterprise devices have sideloaded applications (apps downloaded outside official app stores), which poses severe security risks. These apps often become vehicles for malicious attacks, primarily because they bypass the rigorous vetting processes associated with official app stores. The research highlights that 23% of apps used on work devices communicate with servers in high-risk countries, leaving sensitive data vulnerable. Furthermore, more than 60% of Android applications utilize basic security measures that are insufficient against evolving threats.
Recommendations from the report urge enterprises to deploy AI-driven mobile threat defense tools, educate employees about recognizing phishing attempts, set stringent policies for app vetting, and enforce device upgrades. It also emphasizes the importance of device attestation to ensure that applications run in secure environments, a critical step as rooted or jailbroken devices can easily bypass security protocols.
Commenting on the shift towards mobile-centric cyber strategies, Shridhar Mittal, CEO of Zimperium, noted that organizations' embrace of mobile technology for productivity and customer engagement has attracted cybercriminals who have adopted a mobile-first attack methodology. This calls for a strengthened focus on mobile security practices and policies.
In conjunction with this report, Google has also announced significant changes to how apps run on Android devices, in line with the introduction of the Play Integrity API. This move aims to create a clear distinction between supported and unsupported versions of the Android OS, emphasizing the necessity for users to upgrade to newer versions to maintain security. Reports suggest that this could lead to functionality issues for devices operating on Android 12 and earlier versions, prompting a call for OS and device upgrades for users valuing their data security.
In summary, the report provides critical insights into the current state of mobile security and the pressing need for enterprises to rethink their mobile security strategies in light of escalating threats. Businesses must prioritize mobile security with the same diligence as traditional IT infrastructure to protect sensitive data and maintain operational integrity.
Bias Analysis
Bias Score: 30/100
This news has been analyzed from 16 different sources.
Bias Assessment: The report presents factual data and expert opinions about the increasing vulnerability of mobile devices without sensationalizing the information. However, it is worth noting a slight bias toward emphasizing the risks of Android devices more heavily, possibly due to the security changes in the Play Store, which may alienate users on older versions. The recommendations also lean towards the obligation of enterprises to adopt extensive security measures, which could be viewed as prescriptive in nature.
