Of all the issues a gadget can face, a "zero-day exploit" is one of the most dreaded. Not only are these glitches extremely dangerous for users and their security, but they're also extremely hard to catch. In fact, software developers often rely on third parties or bug bounty hunters to catch their zero-day exploits, which can lead to long delays between discovery and announcement.
Now, a critical zero-day flaw has been discovered in some of the most popular Android devices on the market. The affected phones number in the millions and, from what researchers are saying, there's no real way to fix it at this point.
If you are using an Android phone from 2018 or earlier, you won't want to miss this security update. We have details on the nature of this zero-day threat, as well as how you can prevent your device from being exploited by hackers.
A critical flaw
According to researchers at Google's esteemed Project Zero team, a high-priority zero-day exploit has been discovered that affects millions of Android phones currently on the market. The glitch bypasses security features built into the operating system, which means that if an affected phone is compromised by a malicious app, hackers could gain "root access" to the device itself.
In security terms, this is one of the deepest compromises possible, and essentially gives a hacker complete control of the affected device.
Phones discovered to contain the flaw include some of the most high-profile Android handsets sold in recent years — including the Samsung Galaxy S7, S8, S9 and the Google Pixel 1, 2, XL and XL 2. Researchers emphasize that their list is by no means exhaustive — they suspect many more Android phones may still be at risk.
The most glaring issue facing researchers is the fact that there seems to be no fix for the exploit. It's a design flaw in the Android operating system itself — one that thankfully does not appear to be present in phones released after 2018.
How can I keep myself safe?
Project Zero's researchers are advising users to take extreme precautions when downloading apps and installing software to their Android devices. While this is genuinely good advice no matter how you slice it, it's easier said than done. Malware remains a massive problem at the Google Play Store, with thousands of infected apps discovered in the last year alone.
Since Google doesn't moderate its platform to the extent of its rival Apple, many of these apps continue to hide in the store until they're pointed out by security researchers after they've infected thousands.
To keep yourself safe, use your best judgement. When choosing programs to download, avoid apps from new developers that don't have many review ratings, clear and concise descriptions, or recognizable icons. Read the reviews carefully to determine the experience other users are having and make your call accordingly.
By researching apps before downloading them, you can prevent your device from being compromised by a malicious app. According to the Project Zero researchers, a malicious app is currently the only avenue hackers have to exploit this glitch, so always double-check before downloading from the Google Play Store.