99% of US government employees run outdated Android OSs

Shockingly, 99.2% of US government Android users run outdated operating systems, exposing themselves to hundreds of vulnerabilities. 

These figures are a massive concern since government agencies store extremely sensitive information. If that data falls into the wrong hands, it could cause large-scale havoc.

Let’s not forget that due to COVID-19, the majority of government employees had to shift rapidly to remote-work. Meaning, workers started to use their mobile devices to access government data more than ever before, in turn creating a vast attack surface for cybercriminals.

A mobile security company Lookout provides the numbers. They analyzed their customers that work in federal, state, and local government agencies and used a mobile security software called Lookout Security for Work. The data was collected from January 1, 2020, to December 31, 2020. 

The number of operating system (OS) vulnerabilities was extracted from the Common Vulnerabilities and Exposures (CVE) website. CVE is an international, community-driven effort to catalog publicly disclosed cybersecurity vulnerabilities.

Vulnerability - a flaw in a software, firmware, hardware, or service component resulting from a weakness that can be exploited, causing a negative impact to the confidentiality, integrity, or availability of an impacted component or components.

Diving back into the analysis, it appears that as many as 22.8% of the US government workers still use the Android 8 operating system. 

This version of OS is called Android Oreo and was released to the public on August 21, 2017. This operating system has 636 known vulnerabilities. We can expect countless new attack vectors to surface as time goes by.

Moving forward, 28.2% of federal, state, and local government employees use the Android 9 operating system. According to publicly available data, this OS has 173 publicly known vulnerabilities. This Android version is known as Android Pie and was released to the world on August 6, 2018.

Next up is Android 10, the most popular operating system amongst the US government employees. Over 38.3% of workers run this OS on their Android devices. This operating system has more than 266 vulnerabilities known to date and was originally released on September 3, 2019.

Lastly, As of March 10, 2021, the newest Android operating system is version 11. It was released on September 8, 2020, but only 0.08% of US government workers have updated their phones to this release. Android 11 has over 50 publicly known vulnerabilities.  

iOS users are more cautious

In contrast, iOS users are much more cautious. The report reveals that 67.8% of federal, state, and local US government employees use the latest iOS 14 version on their iPhones. This version of the OS has over 50 known vulnerabilities.

Still, nearly a third (27.9%) of government workers run the iOS 13 version, which has more than 195 known security issues or bugs. This iOS version was first released on September 19, 2019.

Luckily, only 3.4% of employees use iOS 12, and 0.04% use iOS 11, having 65 and 130 publicly known vulnerabilities, respectively.

To conclude, it is one of the most essential cybersecurity practices to keep a mobile operating system up-to-date. We are left in the dark as to why so many government employees choose not to update their phones, but no matter the reason, it leaves them exposed to hundreds of attack vectors. Furthermore, it is important to note that threats like ransomware target governments the most. Thus, computers and smartphones should run the latest versions.