The Indian government has just issued a warning to all Android smartphone and tablet users. In an advisory CERT-In (Indian Computer Emergency Response Team) warned Android users that in the Google-owned operating system multiple vulnerabilities were found. These vulnerabilities were found in both older and newer Android versions like Android 14, 15, and 16-QPR 2.
CERT-In reported, “Multiple vulnerabilities have been identified in Android which could be exploited by an attacker to execute arbitrary code, causing denial of service, privilege escalation, or disclosure of sensitive information on the targeted system.”
What are the vulnerabilities found by CERT-In?
The cybersecurity agency under the Ministry of Information and Technology reported, “Multiple vulnerabilities exist in Android due to flaws in several components, including the Android Framework, Google, NXP components, STMicroelectronics, and Thales, successful exploitation of these vulnerabilities could allow a remote attacker to trigger remote code execution, create a denial of service condition, gain elevated privileges, and obtain sensitive information on the targeted system.”
According to CERT-In, this security flaw could allow hackers to take control of your device and access sensitive information like messages and calls. In some cases, hackers can execute code remotely, meaning they can operate the phone without the user’s knowledge. It is also important to note that this is not just a technical glitch, and Android users should treat it as a serious threat to their privacy and security.
What is the “no-click” Android threat?
Unlike traditional malware scams that require users to click on suspicious links or download harmful apps, this vulnerability lets hackers work silently in the background. They are known as zero-click vulnerabilities; they allow hackers to access a device without any action from the user.
In such cases, attackers exploit vulnerabilities in the Android system or apps to gain entry. This means even cautious users who avoid unknown links or downloads can still be at risk if their devices are not updated.
Which Android devices are at risk?
The issue largely affects devices running Android OS like Android 14, 15, and 16QDR 2 or those that have not received recent security updates. According to CERT-In’s warnings, smartphones and tablets running Android 14, 15, 16, and 16QPR2 could be at risk. This includes devices from Vivo, OnePlus, iQOO, Xiaomi, Realme, Motorola, Samsung, Oppo, Google Pixel, and other brands.
Because Android is used across a wide range of manufacturers and price segments, not all devices receive timely updates. This fragmentation increases the risk, especially for older or budget smartphones.
What Android users should do to stay safe?
To reduce the risk, users should regularly update their smartphones with the latest security patches. Installing apps only from trusted sources and avoiding outdated devices can also help. Security tools like built-in protection systems and antivirus apps add another layer of safety.
In an environment where security threats are becoming more advanced, staying updated and cautious remains the most effective way to protect personal data.