Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report.

The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old.

This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.

The report shows Android vulnerabilities rose in 2016 to more than four times the number in 2015. Almost half of these vulnerabilities allow excessive privileges, while others allow other effects, like leakage of information, corrupted memory, or arbitrary code execution. Carriers must make Android patches available to their users before they can patch their devices, Skycure analyzed devices on AT&T, MetroPCS, Sprint, T-Mobile, and Verizon to determine the age distribution of security patches on the leading carriers.

Among specific findings are that the most recent security patch released by Google has only been adopted by a very small percentage of the devices. Though Skycure reports that AT&T users are up to ten times more likely to have this latest patch installed. Among the five major US carriers, MetroPCS had the highest percentage of devices with patches more than three months old, making their devices the most susceptible to attack.

"Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful," says Yair Amit, co-founder and CTO of Skycure. "It's essential that users and companies know the moment that a device is able to remove these risks to reduce the window of vulnerability. That's why we built this capability directly into Skycure and why we have a focus so heavily on security research. The only way to beat the bad guys is to be one step ahead of them."

The report also looks at the most common types of malware, which are: adware, hidden apps, potentially unwanted apps, riskware, spyware, and trojans. The numbers of these grew by more than 500 percent from Q1 to Q4 of 2016. Hidden apps is the category showed the fastest growth in 2016.

You can find out more in the full report on the Skycure blog.

Photo credit: Bloomua / Shutterstock