Samsung, Nothing, Infinix and other Android phone users under high risk, Indian government issues warns

Indian government has issued a high-risk security advisory for Samsung, Oppo, Vivo, OnePlus, Nothing, Infinix and other Android phone users, warning of multiple vulnerabilities that could compromise personal data and system stability. The alert comes from the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology.

Vulnerabilities Affect Android 13, 14 and 15

The warning affects all users and Original Equipment Manufacturers (OEMs) using devices running Android versions 13, 14 and the recently released Android 15. These flaws, if exploited, could give cyber attackers unauthorised access to sensitive information, escalate user privileges, or even disable affected devices through Denial of Service (DoS) attacks.

CERT-In has classified the risk level as high, due to the wide potential for misuse and the critical nature of the affected components within the Android operating system.

What’s Causing the Risk?

Android, known for its open-source flexibility and widespread use across smartphones, tablets, smartwatches and embedded systems, is vulnerable due to flaws across multiple components. These include the Android Framework, Media Framework, System layer, Documents UI, Permission Controller, and Wi-Fi module.

Additional risks stem from vulnerabilities in third-party and hardware-specific components such as Arm, Imagination Technologies, MediaTek, and both open and closed-source Qualcomm components. These elements are fundamental to how Android devices operate, meaning that the impact could be far-reaching across brands and models.

Possible Consequences for Users

Successful exploitation of these vulnerabilities could allow hackers to:

-Execute arbitrary code remotely on affected devices

-Gain elevated privileges, bypassing system restrictions

-Access and extract sensitive user information, including personal and financial data

-Cause the device to crash or freeze, disrupting normal usage

This could lead to not only data breaches but also full system compromise, leaving users exposed to surveillance, fraud, and potentially permanent device failure.

What Users Should Do

CERT-In advises all Android users to immediately install the latest security patches provided by their device manufacturers. Regularly updating the operating system and avoiding unverified apps or downloads is crucial to maintaining security. Users should also enable automatic updates and review app permissions to minimise exposure. With Android powering the majority of smartphones in India, the threat posed by these vulnerabilities is significant. Staying informed and keeping devices up to date remains the best defence.