Android users are being placed on red alert after a critical vulnerability was discovered that could allow hackers to compromise devices without any user interaction. The flaw, tracked as CVE-2026-0073, has been given a critical rating by Google and affects all Android devices.
What Is the Vulnerability?
This zero-click exploit means cybercriminals can remotely execute code on Android phones without requiring the user to click a link or download a file. According to Google, the vulnerability could lead to remote code execution with no additional privileges needed, and user interaction is not required for exploitation.
Google's Statement
In its Android Security Bulletin, Google explained: "This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. The vulnerability in this section could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation."
Which Devices Are Affected?
All Android devices are at risk, but Pixel phones will be the first to receive the security patch. Other manufacturers, including Samsung, are expected to release their own updates soon. Users are advised to check their device settings and install any available updates immediately.
Expert Analysis
Adam Boynton, Senior Enterprise Strategy Manager at security firm Jamf, commented: "May's Android security bulletin is light in volume but notable in shape. The single critical issue, CVE-2026-0073, allows remote code execution with no user interaction required, exploiting a debug interface that should never have been a production attack surface. It is the same architectural pattern commercial spyware operators have built mobile exploit chains on for years: system-level access, no user action, no obvious indicator."
He added: "The takeaway cuts against a decade of mobile security investment. User awareness training does not defend against a vulnerability that requires no user interaction. The defences that work are device-level, including visibility into what is running, enforcement of patch state, and the recognition that the phone in an executive's pocket is as much of an enterprise endpoint as the laptop on their desk."
What Should Users Do?
Android users should check for system updates in their settings and install them as soon as they become available. While Pixel users may see the update first, other brands will follow. Staying up to date is the best defence against this critical threat.
