Your online security and privacy depend on more than just Google's work

Android dudes
(Image credit: Jerry Hildenbrand / Android Central)

Google and the companies that make phones using Android have gotten pretty good about keeping everything updated to protect our online security and privacy. Mostly. These are the important updates, even if they aren't the glamorous kind.

A lot of work goes into an Android Security update. Probably more than you think, and from more companies than you realize, too. When you get right down to the brass tacks, those companies you aren't thinking about are doing the most work and play the most important role.

So many smart parts

Snapdragon 8 Gen 1

(Image credit: Qualcomm)

Your phone isn't just a hunk of metal and glass filled with Android magic. It's built using thousands of different parts, many of which run a bit of code inside of them so they can operate. One of the most important of these parts is, of course, the SoC (System on a Chip) inside. The chip is not only the most powerful part of a phone, it's usually the most vulnerable when it comes to exploits that affect our security and privacy.

Case in point: Check Point Research just released some news about a vulnerability (it's since been patched or is being patched on all affected devices) inside the chips that power about two-thirds of every Android device.

All software has bugs and unknown exploits and it always will.

Long story short, 11 years ago Apple released some open-source code used for audio decoding. It's been modified over the years but it's still in use today. That's what's great about open-source code — anyone can use it, make it better, and share it with everyone else.

Qualcomm and MediaTek both use some variant of this code and hackers (the bad kind that nobody likes) have found a way to exploit this code to do things like stream video from your camera without you knowing, or even get permission to install malware or take control of everything. That's bad news.

You don't have to worry about this one because all of the best Android phones have already been updated with a patch that stops these hackers from doing any of this. But soon enough, another similar — or worse — vulnerability will be found.

Google can't fix this

Google Campus Logo

(Image credit: Android Central)

We like to go on and on about how important it is for Google to do whatever it takes to get the latest security-focused updates to every user. But that's a momentous task because Google can't just make a patch and force it out to every phone because the manufacturer needs to get involved. Google can patch a Pixel phone, but Samsung has to patch a Galaxy phone. Samsung does an awesome job, but not every phone maker cares as much.

All this aside, even if every phone maker and Google got together to make sure all the Android patches get sent out, a vulnerability like the one described above wouldn't be fixed. That's because neither Google nor the company that built your phone can fix the code provided by Qualcomm or MediaTek or any of the other vendors that provide parts that include a bit of code needed to operate correctly.

Google can't fix what it doesn't make itself. Neither can Samsung or OnePlus or any other company.

Thankfully, companies like Qualcomm, MediaTek, and Nvidia are really good when it comes to quickly patching vulnerabilities and passing the patches along to their customers. Qualcomm, for example, patched the audio decoder exploit then forwarded everything needed by Google to Google and also forwarded anything the phone maker would need, too. 

Of course, this is probably a condition of any service contract but the timeliness and complicated work to find and patch out a bug or exploit is still a big deal and no matter what you might think about a company that provides microprocessors — or even if you never think about them at all — they deserve some recognition.  

You need to do the right thing, too

Google Pixel 6 Pro getting an Android update

(Image credit: Nicholas Sutrich / Android Central)

Some of us can't wait to get an update of some sort. Whether it be for an app or a security patch or even the next version of Android, we watch for it and install it as soon as we can. Some of us even sign up for beta access to try it before it's ready.

But for a lot of people, installing an update to their phone is just a pain in the ass. It usually means you have to reboot your phone and you don't seem to even get anything cool from doing it, so the notification just gets swiped away. After all, it will come back and you can "do it later."

Don't be that person who ignores and never installs updates. A secure and more private experience depends on all of us doing it.

Don't be that person. As you can read above, patching software is a never-ending process that involves a lot of hard work, and every bit of it is done to make your phone and online experience more secure. Sometimes it forces changes onto people that they may not like or one that app developers aren't ready for, but no company is spending the time and money on building software patches because it's fun.

You're not the only one affected when it comes to poor security, either. People around you don't want to be recorded without anyone knowing and if a malicious app can get access to your contacts someone else's privacy could be invaded. Yes, that can happen. Anything can happen when you have a lot of people looking for any way to cause trouble in a system as complicated as the software that powers a smartphone.

When you see that notification about an update, remember how hard so many different teams worked, why they did it, and how it will only take a few minutes for you to get on board and install it.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.

Read more
The Android sign
Here's why Google is finally making big changes to Android updates in 2025
Android System Update
What does Qualcomm and Google's 8-year Android support promise mean for us?
Google Pixel 9 Pro and Pixel 9 Pro XL angled view
Google's crucial February security patch for Pixels is here among other updates
A statue of the multicolored "G" in Google on the Google campus in Mountain View
Google warns Android users of a zero-day software exploit causing instability
Comparing the sizes and shapes of the displays on the Samsung Galaxy S25 Ultra, Samsung Galaxy S25 Plus, and Samsung Galaxy S25
Is the partnership between Samsung and Google ruining the Android ecosystem?
Google Pixel 10 Pro renders
News Weekly: Massive Pixel 10 leak, March update chaos, OnePlus ditching its Alert Slider, and more
Latest in Google Pixel
The back of the Obsidian Google Pixel 9 Pro
Some Pixel owners had a delayed start, thanks to alarm clock failures
Holding an Obsidian Google Pixel 9 Pro
That's not a typo — this Google Pixel 9 Pro deal from Amazon makes Black Friday look like a joke
Pixel Studio app on Google Pixel 9 Pro
Google Pixel teases 'Imagination Studio' pop-up event with a K-Pop girl group
The Pixel 9a and Pixel 9
Google should've split the difference between the Pixel 9 and 9a
The Obsidian Google Pixel 9a held in hand, backlit by a monitor with the words "Google Pixel" flashing behind it.
The Pixel 9a is everything the iPhone 16e wished it was
Pixel 9 Pro XL back view against colorful background
Pixel 10 might see improved startup following a loading process change
Latest in Feature
Comparing the display size on the Samsung Galaxy S25 with the Samsung Galaxy S25 Plus
What you need to know about One UI 7: Software is hard
The Moto 360 smartwatch worn on a wrist, showing an analog watch face.
Wear OS is still missing a major player, and now's the perfect time for a comeback
AirPods Max (left) hanging from a park bench beside Beats Studio Pro (right).
USB-C AirPods Max are getting an upgrade Android headphones had all along
Android statues
Ask Jerry: What happens if Google ignores the EU's DMA rules?
The Pixel 9a and Pixel 9
Google should've split the difference between the Pixel 9 and 9a
Comparing the displays between the Samsung Galaxy S24 Ultra and Samsung Galaxy S25 Ultra
Samsung displays aren't the gold standard you think they are