Security updates are crucial to keep our smartphones protected, but on Android, the timing can be dangerously inconsistent. Google has just addressed two serious zero-day vulnerabilities, but unless you own a Pixel, you might be waiting weeks—or even months—before the fix reaches your device.
Critical flaws affect Android devices
In April’s Android security bulletin, Google patched 62 vulnerabilities, including two zero-day flaws classified as critical. One of them, CVE-2024-53197, can be exploited through a USB audio driver to gain elevated privileges. It was already used in real-world attacks, including by Cellebrite and Serbian authorities to access seized devices. The other flaw, CVE-2024-53150, allows local attackers to read confidential data without user interaction.
Google says the fixes were shared with manufacturers in January, but that doesn’t mean users are protected. Android’s fragmented update system means each brand must implement and deploy these patches independently, often resulting in significant delays.
Most users will have to wait
Google Pixel phones are the first to receive these updates, but devices from other brands, like Samsung or Xiaomi, depend on the manufacturer’s schedule. While Samsung is generally quick to react, others might take much longer, leaving millions of phones vulnerable.
Unlike app updates through Google Play, security patches require a full firmware update, which complicates and delays the rollout. Until the update arrives, users should avoid installing apps from unknown sources and remain cautious when connecting external devices.
In a mobile landscape where threats evolve quickly, waiting weeks for a critical fix is a serious problem. Google has taken a step forward, but Android’s update model remains a step behind.