CERT-In Cyber Alert! Android 13 to 16 Phones at High Risk of Data Theft and System Hacking — Check What You Need to Do

If you own an Android smartphone, this news is crucial for you. The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and IT, has issued a high-risk cyber security alert warning millions of Android users about serious vulnerabilities in devices running Android versions 13, 14, 15, and 16.

According to the agency, these security flaws could allow hackers to steal personal data, install malicious apps, or take complete control of your phone.

Which Devices Are Affected?

CERT-In’s report states that this threat impacts almost all major smartphone brands that use Android.
Devices from Samsung, OnePlus, Xiaomi, Realme, Motorola, Vivo, Oppo, and Google Pixel are all potentially vulnerable, as they rely on Android versions containing these weaknesses.

The issue isn’t limited to software alone — it extends to the hardware components supplied by major chip manufacturers like Qualcomm, MediaTek, NVIDIA, Broadcom, and UNISOC.
This means that the vulnerabilities could also affect smart TVs, wearables, and IoT (Internet of Things) devices, making the risk far more widespread.

How Can Hackers Exploit These Flaws?

CERT-In explained that the vulnerabilities could enable cybercriminals to gain administrative access to affected devices.
Once they have control, they could:

• Install or delete apps remotely

• Access personal and financial data such as passwords and banking details

• Manipulate system functions or corrupt files

Google has also acknowledged these security flaws in its November 2025 Android Security Bulletin.
If users fail to install the latest updates, hackers may exploit these weaknesses to infiltrate sensitive accounts, including email, cloud storage, and mobile banking apps.

CERT-In’s Safety Recommendations

To protect yourself from potential attacks, CERT-In has issued the following urgent safety measures:

1. Install the latest security updates immediately.
   Always keep your Android device up to date with the newest system and security patches released by your phone manufacturer or Google.

2. Avoid downloading apps from third-party sources.
   Only use trusted platforms like Google Play Store to prevent malicious apps from entering your device.

3. Enable automatic updates.
   Keeping auto-update mode active ensures your phone automatically receives critical patches as soon as they are available.

4. Activate Google Play Protect.
   This built-in feature scans apps in real time to identify and block harmful activities.

5. Be cautious with unknown links and attachments.
   Never click on suspicious links or open email attachments from unverified senders — they may contain malware designed to exploit these vulnerabilities.

The Bottom Line

This latest warning from CERT-In is a timely reminder that cybersecurity begins with user vigilance.
Android’s widespread use makes it a popular target for attackers, and even small delays in installing security updates can expose users to major risks.

Regularly updating your device, avoiding unverified apps, and maintaining basic cyber hygiene are the simplest and most effective ways to protect your data in today’s connected world.