The bug is known as a zero-day vulnerability, meaning that Android-owner Google was blissfully unaware of its existence until about a week ago. What’s worse is that the bug is currently being exploited by hackers — including, allegedly, by Israeli cybersecurity NSO Group. So, which phones are affected by the bug, and is there anything you can do to avoid being hacked?

Android security vulnerability

The security bug is particularly troubling, as it can allow a hacker to completely take over a compromised device. To do so, a user would need to unwittingly download a malicious app – either from the Play store, or an alternative app store; or, a user would need to visit a malicious site in the Chrome browser. The latter is depressingly easy to do when clicking through from a phishing email, for example. Bugs are regularly detected and patched against, especially on major desktop or mobile operating systems, which are key targets for malicious actors. It’s rare that a security bug is actually exploited by a hacker. However, alarmingly, the report by Google’s Project Zero security team suggests, “We have evidence that this bug is being used in the wild”. The Android security team will be hard at work patching against this vulnerability, so watch out for OS updates in October.

Does the bug affect all Android phones?

Fortunately, not all Android phones are affected by the vulnerability. However, it does affect a range of phones from a variety of major brands — including some popular flagship phones from Samsung, Huawei, and even Google itself. Here’s the list of phones affected, according to Google’s Project Zero security team:

Google Pixel 1 & 1 XLGoogle Pixel 2 & 2 XLHuawei P20Samsung S7, s8, S9Xiaomi Redmi 5AXiaomi Redmi Note 5Xiaomi A1Oppo A3Moto Z3LG phones running Android Oreo

However, this list isn’t exhaustive, according to the Project Zero team. So, it’s worth making sure that your phone has the latest security updates installed.

Is there anything you can do?

Beyond ensuring your phone has all the latest security updates installed, no. If you own a Pixel 1 or 2 series phone, you should be getting a fix for the vulnerability in the October Android update. There’s no word on fix availability from other brands. It’s also worth noting that the later Pixel 3 and 3a series of phones aren’t affected.

How to avoid being hacked

There are two ways in which this bug can be exploited: Avoiding malicious Google Play apps is fairly easy — before downloading anything from the Play Store make sure it’s verified by Google Play Protect.

It’s also fairly easy to avoid visiting shady websites — always long press on links to check where they go before clicking them. Read more of the latest tech news on Tech.co:

Microsoft Unveils New Range of Surface ProductsDating and Horizon: The Next Big Facebook Flops?The Hidden Meaning Behind EmojisiPhone 2020 Rumours – Everything We Know About the iPhone 12