2 billion Android smartphones in danger, really?

A tweet reported a security alert said to affect more than 2 billion people on Android. It turns out that the message, shared on November 21, is somewhat exaggerated.

The message circulated on Twitter to the point of being viewed a few tens of thousands of times. Published on November 21, it contains a computer security alert. According to it, more than 2 billion people using an Android smartphone – including 100 million with a Pixel range product – would be threatened.

The dangers listed for mobile users give reason for concern: the message talks about theft of data and files, bypassing VPNs, unauthorized access to the Bluetooth connection, and even the leak of geolocation data, which would allow someone to know where you are, perhaps even at this very moment.

The worrying tweet. // Source: Screenshot

A review of old flaws

So is this a new, highly critical vulnerability, never seen before, that leaves everyone helpless? Reading the blog post that accompanies the message, absolutely not. In reality, the publication mainly reviews seven security flaws that are real, but that have almost all been resolved.

“It should be noted that, if you are reading this, all issues have been resolved since we immediately reported them to Google,” we also read in the blog post written by the company Oversecured, dedicated to mobile IT security. In short, Oversecured mainly sets out to present technical details about these flaws.


For example, the VPN issue allowed applications to be added to the VPN bypass list. That is problematic, certainly, but the bug, originally reported on June 2, 2023, was fixed on December 1, 2023. As for the Bluetooth problem, the incident was reported on August 18, 2022, then resolved on November 1, 2024.

Oversecured also covers vulnerabilities that are sometimes very old – its list includes a case that was resolved on June 24, 2021, which is, in smartphone terms, a very long time ago. There is actually only one incident that has not been resolved, because it was reclassified: from a “serious” severity, it was downgraded to a “low” problem.

“This vulnerability was initially classified as ‘high’, but then its severity was changed to ‘low’ as Google engineers concluded that it was a development error,” Oversecured acknowledges in its article. In short, it appears that Oversecured’s tweet is somewhat overwritten, that is to say excessive.

Bugdroid, the Android mascot. // Source: Numerama with Midjourney

Some might say that the message on Twitter borrows from the practice known as FUD (fear, uncertainty and doubt), which consists of using an alarmist spin to attract attention. Here, this could be very useful to ensure the virality of the message and encourage the public to click on the link to see what it is about.

Despite everything, the tweet has the merit of bringing certain points back to mind. First, Android’s market share is immense: it is the world’s leading mobile operating system and, therefore, there is indeed a population of mobile users numbering in the billions. Securing Android is therefore an extremely high priority.

Second, it is a reminder of the importance of keeping your hardware and software up to date. Android, like other systems, receives regular patches, and installing them should not be delayed too long. Some fixes are deployed automatically, which means you don’t have to worry about them, or are delivered when switching from one version of Android to another.


Source: www.numerama.com