The newest update to the Android operating system, 4.2, protects users from 77 percent of current Android malware, according to a report from Juniper Networks' Mobile Threat Center.
However, even though Android 4.2 was released more than six months ago, only 4 percent of Android-powered devices have installed the update.
That's because wireless carriers and device makers have to push out the updates to customers. Many devices wait months, even years, for updates; some never get them at all.
The Juniper report concluded that 77 percent of Android malware consists of malicious apps that surreptitiously cause devices to send SMS messages to premium-rate numbers.
This practice accrues charges in the device owners' accounts and puts that money in the pocket of the premium rate numbers' owners — in other words, cybercriminals.
These malicious apps sneak onto people's phones by disguising themselves as legitimate apps in the Google Play store. They can also come bundled with pirated software.
[See also: The 5 Best Android Security Apps ]
Android 4.2, an iteration of Jelly Bean, has a feature that detects these automatic SMS messages and asks users for confirmation before sending them. This safeguard effectively nips such malware in the bud.
So how do you upgrade to Android 4.2? The answer is as complicated as Android itself.
Unlike Apple's iOS, which only runs on Apple-manufactured devices, Android's operating system is much more open and can be adapted to fit multiple second-party devices.
So while updating iOS is a simple matter because there are relatively few device types to account for, updating Android is complicated, because you have to customize the upgrade to the device that will receive it.
The problem is, Google can't send out a unified update to all Android devices because there are numerous Android devices, all built by different companies and using different carriers. This diversification of platforms and manufacturers is called fragmentation.
The first devices to receive Android 4.2 were LG's Nexus 4 and Samsung's Nexus 10, both of which run "pure" Android unsullied by manufacturer and carrier add-ons.
Most recently, the Sony Xperia Z, a top-of-the-line smartphone released in March running Android 4.1, received the Android 4.2 update only yesterday (June 25).
Juniper's report points out that Android updates often reach users too late to be effective. And meanwhile, cybercriminals are making bank.
Mobile malware — of which more than 90 percent targets Android specifically — grew at a rate of 614 percent from March 2012 to March 2013, according to Juniper's survey.
That's compared to growth of just 155 percent last year.
Because Android has both a "commanding global market share" and loose app store restrictions, malware developers are targeting Android systems more frequently and more thoroughly than ever.
"It's clear that mobile malware writers are more sophisticated and chasing higher rewards for their efforts," the Juniper report concludes.
You can read Juniper Networks' full 2013 Mobile Threat Center report here.