The Indian Computer Emergency Response Team (CERT-In), the government's cybersecurity watchdog, has issued critical security warnings for Android users, highlighting significant vulnerabilities that could compromise their devices and data. These warnings underscore the importance of keeping Android systems updated with the latest security patches.

Vulnerabilities and Potential Risks

CERT-In has identified multiple high-risk vulnerabilities affecting Android versions 12, 12L, 13, 14, and 15. These flaws exist in various components of the Android ecosystem, including the Framework, Platform, System, Conscrypt component, Kernel, and components from hardware providers like MediaTek, Qualcomm, and Imagination Technologies.

If exploited, these vulnerabilities could lead to severe consequences, including:

• Unauthorized Access: Attackers could gain unauthorized access to sensitive information stored on the device.
• Privilege Escalation: Exploitation could allow attackers to gain elevated privileges, granting them unauthorized control over the system.
• Arbitrary Code Execution: Attackers could execute arbitrary code, potentially leading to malicious actions and system compromise.
• Data Theft: Sensitive data could be stolen from the device.
• Denial-of-Service (DoS) Attacks: Attackers could cause denial-of-service conditions, making the device unusable.
• System Instability: Exploitation could lead to memory corruption and system crashes, compromising the stability of affected phones.

Notably, CERT-In has warned that one of the vulnerabilities (CVE-2024-53104) is already being actively exploited. Another vulnerability exists in the Dolby Digital Plus (DD+) Unified Decoder, potentially allowing a remote attacker to execute arbitrary code.

Recommended Actions

CERT-In advises users and OEMs to promptly install security updates upon release. Users are urged to update their devices to security patch levels dated January 5, 2026, or later. The latest security patches are available in the Android Security Bulletin.

To enhance security, users should also follow these best practices:

• Keep Devices Updated: Install the latest security patches to protect against vulnerabilities.
• Download Apps from Trusted Sources: Use the Google Play Store and avoid third-party or unknown sources.
• Enable Google Play Protect: Enable it to detect and block potentially harmful apps.
• Review App Permissions: Restrict unnecessary access to user data.

Government Initiatives for Enhanced Security

The Indian government is considering imposing stricter security standards for smartphones, including mandatory automatic and periodic malware scanning. These proposals also require companies to make software changes to allow pre-installed apps to be uninstalled and to block apps from using cameras and microphones in the background to "avoid malicious usage". The government may also require device makers to inform the National Centre for Communication Security about major software updates and security patches before releasing them to users, allowing the center to test them. Furthermore, the government is pushing for access to source code, the underlying programming instructions that make phones work.