As the latest security update for Android users rolls out in April, Pixel users have been issued a critical warning. Unlike Apple's centralized approach to iPhone updates, Android security updates vary based on OEM, device, country, and network. However, Pixel users, being closely tied to the Android ecosystem, usually experience smoother update processes.
This month, Pixel users are facing a more severe warning compared to others. Google has identified two high severity threats that are potentially being exploited in a targeted manner. These vulnerabilities were discovered by GrapheneOS, which reported that they are currently being actively exploited by forensic companies, also known as spyware vendors.
Google's Threat Analysis Group had previously highlighted the threat posed by spyware vendors, attributing a significant number of zero-day exploits to them over the past decade. These exploits pose a threat to free speech, the free press, and the open internet.
The vulnerabilities reported by GrapheneOS impact Pixel's bootloader and firmware, potentially providing avenues for exploitation if left unaddressed. While there is no evidence of remote exploitation yet, it is crucial for Pixel users to update their devices immediately.
To check for and install the update, Pixel users can navigate to Settings — Security & Privacy — System & Updates. It is recommended to ensure that the firmware is up-to-date and restart the device to apply all updates effectively.
Given the targeted nature of these vulnerabilities, certain users, such as journalists, human rights defenders, dissidents, and opposition politicians, are at higher risk of surveillance. For those concerned about active surveillance, Google's Advanced Protection Program offers additional security measures similar to Apple's Lockdown Mode for iPhone users.
