2025 Mobile Security Roundup: Insights to Protect Your Phone

Sophia Taylor

By Sophia Taylor

Published:

As mobile devices become ever more central to our daily lives, so too do the threats targeting them. Each year, Certo analyzes data from hundreds of thousands of device scans to build a clearer picture of the mobile security landscape.

Here’s a look at the key findings from 2025 and what they reveal about the evolving risks facing smartphone users today.

Scan Volume

In 2025, Certo users performed 583,039 scans across both iPhone and Android devices, a decrease compared to the 698,032 scans recorded in 2024.

While the year-on-year dip in scan activity likely reflects normal fluctuations in user behaviour, the data still represents a substantial and statistically meaningful sample from which to draw conclusions about the mobile security landscape.

Threat Levels Are Rising

Despite fewer total scans, the proportion of devices found to have medium or high-severity threats increased year-on-year.

583,039
Total scans in 2025

▼ from 698,032 in 2024

6.87%
Devices with medium or high threats

▲ from 6.26% in 2024

The rise from 6.263% to 6.869%, a year-on-year increase of roughly 10% in the rate of threatened devices, is a concerning signal. It suggests that attackers are deploying threats more effectively, and that security hygiene among users has not kept pace with the evolving threat landscape.

Top Mobile Spyware Detected in 2025

Spyware remains one of the most significant threats to mobile users, enabling abusers, stalkers, and criminals to monitor victims without their knowledge. The following spyware applications were most frequently detected in Certo’s 2025 scans:

  1. mSpy
  2. Mobile Track
  3. BingoMod
  4. MoniMaster
  5. Highster
  6. FlexiSpy
  7. iKeyMonitor
  8. FreeAndroidSpy
  9. TheTruthSpy
  10. Pegasus

mSpy retains its position at the top of the list for the second year running. The tool is marketed as legitimate parental monitoring software but is frequently misused for covert surveillance of adult partners, making it a persistent concern for Certo’s researchers.

At the other end of the list, the emergence of Pegasus — the sophisticated nation-state spyware developed by NSO Group — serves as a reminder that the most capable threats are not confined to criminal forums.

While its deployment is targeted rather than widespread, its inclusion in Certo’s detection data underscores the reality that even consumer devices can become targets of advanced persistent threats.

Most Common Location Sharing Apps

Family location-sharing apps continue to grow in popularity, and the top 10 most frequently encountered on scanned devices in 2025 were:

  1. Life360 – Family Locator
  2. Find My Kids
  3. FamilyWall
  4. AT&T Secure Family
  5. Tracki GPS
  6. Find My Friends
  7. Pingo
  8. Family 360: GPS Locator
  9. Phone Tracker & GPS Location
  10. Boost Safe & Found

Life360 leads the list once again, reflecting its position as the dominant family tracking platform. While these apps offer genuine peace of mind for parents keeping tabs on young children, they also introduce privacy considerations that users should be aware of.

It is important to understand exactly what data these applications collect, who has access to it, and whether all parties have meaningfully consented to being tracked. An app that is installed without someone’s knowledge — even a legitimate one — can become a tool for surveillance rather than safety.

Important note: The presence of a location-sharing or monitoring app does not automatically indicate malicious intent.

However, if you find an app on your device that you did not install — or that has been installed without your full knowledge and consent — this should be treated as a serious concern and investigated promptly.

OS Updates: A Persistent Vulnerability

Running an outdated operating system is one of the most preventable security risks a smartphone user can face.

Manufacturers regularly release updates to patch known vulnerabilities; failing to apply these updates leaves devices exposed to threats that could otherwise be entirely mitigated.

Android

In Q4 2025, 15.61% of scanned Android devices were running an OS version that no longer receives security updates from the manufacturer.

While this represents an improvement on the 17.23% recorded in Q4 2024, it still amounts to a significant proportion of users operating with no protection from newly discovered vulnerabilities.

Android’s device fragmentation — the wide variety of manufacturers and models, each with their own update schedules — continues to make this a challenging problem to solve at scale.

Android devices on unsupported OS (Q4 2025)
15.61%
Android devices on unsupported OS (Q4 2024)
17.23%

iPhone

In the final week of 2025, 39% of scanned iPhones did not have automatic updates turned on, with only 61% running the latest available version they supported.

This is notable progress compared to 2024, when 44% of iPhones lacked automatic updates. But it means that more than one in three iPhones still relies on the user to manually check for and apply updates, a step that many never take.

iPhones without automatic updates (2025)
39%
iPhones without automatic updates (2024)
44%

Tip: On iPhone, you can enable automatic updates by going to Settings → General → Software Update → Automatic Updates and ensuring both “Download iOS Updates” and “Install iOS Updates” are switched on.

On Android, the process varies by manufacturer but can usually be found under Settings → Software Update.

iOS Jailbreaking: A Welcomed Decline

Jailbreaking is the process of removing Apple’s software restrictions to allow unauthorized app installation and system modifications.

It bypasses many of the security safeguards that make iPhones relatively resistant to malware and spyware. While jailbreaking has historically appealed to users seeking greater customization, it comes at a significant security cost.

The data from Certo’s 2025 scans tells an encouraging story: jailbreaking continues its downward trend.


iOS JAILBREAK RATE — 2023 TO 2025

2%
1.8%
1.6%
1.4%
1.2%
1%
0.8%
0.6%
0.4%
0.2%
0%

2023
2024
2025


Source: Certo Software scan data. Percentage of scanned iOS devices found to be jailbroken.

In 2025, just 0.67% of scanned iOS devices were jailbroken — a dramatic drop from 1.55% in 2024 and 1.36% in 2023. This is a genuine positive development for mobile security.

The decline likely reflects a combination of factors: Apple’s continued investment in iOS security making jailbreaking progressively harder to achieve, the reduced availability of reliable jailbreak tools for modern iOS versions, and a growing awareness among users of the security risks involved.

Fewer jailbroken devices means a smaller attack surface for spyware and malware that depend on bypassed security controls to function. Certo hopes to see this trend continue.

Android Rooting: A Cause for Concern

Rooting is the Android equivalent of jailbreaking. It grants the user (and any apps they install) elevated privileges beyond what the operating system normally permits.

Like jailbreaking, it removes key security protections and can expose the device to threats that would otherwise be blocked. Unlike jailbreaking on iOS, the rooting rate on Android devices is moving in the wrong direction.


ANDROID ROOTING RATE — 2023 TO 2025

0.4%
0.35%
0.3%
0.25%
0.2%
0.15%
0.1%
0.05%
0%

2023
2024
2025


Source: Certo Software scan data. Percentage of scanned Android devices found to be rooted.

The proportion of rooted Android devices detected by Certo has doubled from 0.14% in 2023 to 0.28% in 2025. While these figures may appear small in absolute terms, the upward trajectory is notable.

Rooted devices are significantly more susceptible to spyware installation and other forms of compromise, as malicious apps can exploit root access to operate with system-level permissions and remain persistent even after factory resets.

It is worth noting that rooting is often performed deliberately by technically sophisticated users seeking customization. However, devices may also be rooted without the owner’s knowledge as part of an attack, particularly in cases involving commercially available spyware tools.

If you didn’t root your device yourself: A rooted status you cannot account for is a serious red flag. It may indicate that someone with physical access to your device has tampered with it. Run a full security scan with Certo AntiSpy immediately and consider performing a factory reset.

Threats Discovered by Certo in 2025

Beyond the aggregated scan data, Certo’s research team made two significant discoveries in 2025 that shed light on how the threat landscape is evolving — both in terms of the malware being developed and the tools being used to create it.

RadzaRat: The Android Trojan Nobody Could See

In November 2025, Certo’s research team identified RadzaRat, an Android remote access trojan disguised as a legitimate file manager app.

Once installed, it gives attackers remote access to the victim’s files, logs every keystroke typed (including passwords and banking credentials), and persists silently across reboots.

What made the discovery particularly alarming was its zero-detection rate: not a single one of 66 security vendors on VirusTotal identified it as malicious.

Worse, the malware was openly available through a public code repository and actively promoted on underground forums, meaning anyone with harmful intent could deploy it with minimal technical skill or cost.

→ Read the full RadzaRat research report

Venice.ai: The Uncensored AI Chatbot Arming Hackers

In May 2025, Certo investigated Venice.ai, an AI chatbot gaining traction on hacking forums due to its near-total absence of content restrictions.

Unlike mainstream tools such as ChatGPT, it runs open-source language models with safety guardrails deliberately removed, for just $18 per month.

Hands-on testing found it willingly producing convincing phishing emails, functional ransomware in Python, and a working Android spyware app capable of silently recording audio — in many cases without hesitation and with no ethical caveats.

Tools like this lower the barrier to creating mobile malware to near zero, and their growing popularity in criminal communities is a trend Certo expects to have a direct impact on mobile threat volumes in the years ahead.

→ Read the full Venice.ai research report

Key Takeaways from 2025


Enable Automatic Updates

With 39% of iPhones lacking automatic updates and 15.61% of Android devices running unsupported OS versions, keeping your operating system current remains one of the single most effective steps you can take to protect your phone.


Scan Your Device Regularly

Threats like RadzaRat demonstrate that even specialist security tools can be briefly blind to newly emerging malware. Regular scans with a trusted app like Certo AntiSpy give you the best chance of catching threats early.


Don’t Jailbreak or Root Your Device

The decline in jailbreaking is a positive trend. Rooting rates, however, are rising on Android. Avoid rooting your device and investigate promptly if your device shows a rooted status you didn’t authorize.


Be Vigilant About App Permissions

Spyware increasingly abuses legitimate Android features — particularly Accessibility Services — to operate covertly. Review which apps have been granted these permissions and revoke any you don’t recognize or trust.


Understand the AI-Powered Threat Landscape

Tools like Venice.ai mean that creating functional phishing emails and mobile malware no longer requires programming expertise. Expect to see more sophisticated, AI-assisted attacks in the years ahead — and be appropriately sceptical of unexpected messages or app install requests.


Review Location Sharing Apps

If you find a location-sharing or monitoring app on your device that you don’t recall installing, treat it as a serious concern. Audit your installed apps regularly and remove anything unfamiliar.

Wrapping Up

As we look ahead to 2026, the data from 2025 paints a picture of a threat landscape that is simultaneously improving in some areas — notably the decline in jailbreaking — while intensifying in others.

The rise in rooted Android devices, the growing threat rate per device, and the emergence of AI-powered attack tools all point to a more capable adversary than users faced just a few years ago.

Mobile security remains a shared responsibility between device manufacturers, platform providers, app developers, and users. Certo will continue to monitor, research, and report on these trends — and to develop the tools that help everyday users stay one step ahead.

Methodology Note: Insights are derived from aggregated, anonymized scan data of users who consented to share diagnostic information. Certo does not collect personal data or device contents.

Sophia Taylor

By Sophia Taylor

Sophia is a Senior Cybersecurity Writer at Certo, with over five years of experience writing about digital security, privacy, and emerging threats. Drawing on a background in IT and technology, she specializes in translating complex cybersecurity topics into clear, practical guidance that helps everyday users stay protected online.