The statement isn't completely shocking, as some of WikiLeaks' data goes back as far as 2013. Even if you have an older Android phone, there's a chance that Google patched at least some of the security holes in an update you received a long time ago. The problem, as you may know, is that Android vendors are inconsistent in delivering operating system updates, let alone Google's monthly security patches. There's a chance that older devices will remain vulnerable simply because their manufacturer ended support too soon or decided to skip a relevant security update.
The good news: WikiLeaks has offered to cooperate with tech companies wanting to plug any remaining CIA holes. Provided Assange and crew live up to their end of the bargain, Google will breathe a little easier. It won't have to worry so much about its own flaws as it will convincing its hardware partners to step up their security efforts.