Two Critical Bugs Targeting Android Phones – Here’s How to Stay Safe


We’re living in an era where smartphone security is constantly being tested, and the latest developments prove just how serious the situation has become. Google has issued an emergency update for Android phones for the third month in a row, warning users that attackers may already be exploiting two new high-risk vulnerabilities. These bugs affect Android phones broadly, but this time, there’s a major shift in how Samsung is responding—bringing both concern and hope to users.

Google’s April 2025 security bulletin highlights two critical vulnerabilities: CVE-2024-53150 and CVE-2024-53197. Both are serious flaws, and Google has stated that there is evidence these vulnerabilities “may be under limited, targeted exploitation.” That’s tech-speak for saying that hackers or digital forensic firms may already be using these weaknesses to access private data on Android devices.


The first vulnerability, CVE-2024-53150, involves a memory-related flaw in the Android kernel. This could potentially allow attackers to extract sensitive data from a locked phone without needing full access. The second, CVE-2024-53197, is especially alarming because it’s similar to a known exploit used by Cellebrite—a digital intelligence company that works with law enforcement to extract data from devices—particularly in Europe.

Security experts from GrapheneOS, a privacy-focused version of Android, have noted that these are not just any bugs—they are vulnerabilities that impact locked Android devices. In other words, even if you protect your phone with a password, fingerprint, or face unlock, it might still be at risk. GrapheneOS claims its software makes it harder to exploit these bugs, even on unlocked devices, which underlines the severity of the flaws in standard Android builds.

But there’s a silver lining this time. Samsung, which has previously lagged behind Google’s Pixel devices in rolling out critical security fixes, has responded more quickly than usual. In April, Samsung’s update not only included a fix for a previously delayed vulnerability from March (CVE-2024-50302), but also covered both new vulnerabilities flagged by Google. That’s a positive sign, especially as users have been increasingly frustrated with Samsung’s delays in rolling out Android OS upgrades and security patches.

Interestingly, Samsung began rolling out its stable One UI 7 update, based on Android 15, to its 2023 and 2024 flagship devices the same day. This new version includes enhanced protections against forensic tools like those used by Cellebrite. It seems Android 16 will go even further, introducing features like automatic reboots after periods of inactivity, similar to Apple’s approach, to prevent unauthorized data access.

This reflects a troubling trend: powerful actors with the means to break security protections regularly target Android and iPhone devices. However, it also shows that phone makers are stepping up their defenses.

As we continue to rely more on our smartphones for everything, from personal messages to financial data, staying updated with the latest security patches is more important than ever. These truly are interesting—and challenging—times for mobile users.
