Skip to Content
11-year-old flaw in Android devices
© Vadymvdrobot | Dreamstime.com
Security & privacy

Android phones are vulnerable to a years-old bug – Is your phone at risk?

Many people think Android devices are more susceptible to cyberattacks than Apple devices. That’s not necessarily true. But while Apple fans need to worry about attacks, Android fans have more threats coming their way.

That’s because more Android devices are being used globally, so hackers focus on them since there are more potential victims. Another reason is Android is an open-source platform, making it easier to penetrate. Tap or click here for handy iPhone and Android tricks.

Being an open-source platform can be problematic at times. Two of the largest chipmakers have been using an open-source audio coding format created over a decade ago. The original code has a severe flaw putting millions of Android devices at risk.

Here’s the backstory

MediaTek and Qualcomm are two of the largest internal parts, circuit boards and semiconductor suppliers to mobile phone makers. While they are responsible for the physical components, chip makers often rely on others for software.

For example, Apple created its Lossless Audio Codec (ALAC), known as Apple Lossless, available as open-source software in 2011. MediaTek and Qualcomm have been incorporating it into Android devices for over a decade to provide audio playback functionality.

Apple has updated the code for its devices several times over the years. The problem is that the original open-source code used in Android devices has not been updated.

A dangerous vulnerability has been discovered and has not been patched for 11 years.

According to Check Point Research, the vulnerability puts millions of Android phones at risk of a remote code execution hack. A hacker could use the flaw to infect your Android device with malware, listen in on conversations or take complete control of your phone.

Check Point discovered that two-thirds of all Android phones sold in 2021 have the flaw and are at risk of attack. MediaTek and Qualcomm were unaware of the vulnerability and only released patches against it last December.

What you can do about it

The best thing you can do is get the patch by updating your Android phone. Google rolled out a patch for this flaw in December of 2021.

Here’s how you can check if you are on the latest Android version and how to update. Android 12 is the most recent version.

Note: Steps might be different depending on the manufacturer of your phone. Check your manual if you need help. Don’t have your manual? Tap or click here for thousands of free online manuals.

  • Open your phone’s Settings app.
  • Near the bottom, tap System > System update.
  • You’ll see your update status. Follow any steps on the screen.

To specifically check for Android security updates:

  • Open your device’s Settings app.
  • Tap Security.
  • Check for an update:
    • To check if a security update is available, tap Google Security checkup.
    • To check if a Google Play system update is available, tap Google Play system update.
  • Follow any steps on the screen.

Keep reading

Easily move from iPhone to Android with this new app

How to turn your Android into a mobile hotspot

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook