More than a billion Android devices could be hacked, experts have warned.
The devices many of which are inactive use and have been bought relatively recently are no longer supported by security updates and so do not receive patches for bugs and other issues, new research has warned.
It means that people using the phones could be hit by bugs that are distributed widely and can be exploited by hackers relatively easily.
A report by consumer group Which? found that about 40% of Android users were running older versions of the software, which no longer receives security updates from Google.
Android is the world's most popular mobile operating system and as a result, Which? says there are potentially millions of smartphone users at risk of data theft and other cyber attacks.
According to 2019 figures from Google, there are more than 2.5 billion active Android devices in the world.
Older versions of mobile operating systems, generally those more than two years old, often have security updates from developers stopped - with firms such as Google encouraging users to instead update to a newer version of the operating system in order to best secure their device from modern cyber threats.
Google and Apple, the makers of the world's two most popular mobile operating systems, Android and iOS, release new versions of their software annually, followed by smaller, periodical updates for several years after to fix any further issues found within them.
According to the Which? report, older phones tested from manufacturers including Motorola, Samsung, Sony, and LG were found to have vulnerabilities.
Which? said anyone using an Android phone released in 2012 or earlier, including popular devices at the time such as the Samsung Galaxy S3 and Sony Xperia S, should be "especially concerned".
It also encouraged anyone running a version of Android older than 7.0 Nougat, which was first released in 2016, to try to update their software as this version is now no longer supported by Google.
However, if a device cannot be updated it is likely to need to be replaced.
Which? computing editor Kate Bevan argued that consumers should be able to rely on longer periods of support for their mobile devices.
"It's very concerning that expensive Android devices have such a short shelf life before they lose security support, leaving millions of users at risk of serious consequences if they fall victim to hackers," she said.
"Google and phone manufacturers need to be upfront about security updates, with clear information about how long they will last and what customers should do when they run out.
"The Government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices and their impact on consumers."
The Government has previously announced plans for new laws that will force manufacturers to improve the security standards of internet-connected gadgets, including giving a minimum length of time for which the device will receive security updates.
In response to the report, a Google spokesman said: "We're dedicated to improving security for Android devices every day.
"We provide security updates with bug fixes and other protections every month, and continually work with hardware and carrier partners to ensure that Android users have a fast, safe experience with their devices."
The Which? research said that generally speaking, the older the device, the greater the risk of it being vulnerable to hackers.
However, previous studies have indicated that smartphone owners in Europe and the US are holding on to their devices for longer, with smaller steps in innovation each year and the rising price of smartphones cited as key reasons for not upgrading more regularly.