Google again trails Samsung this month, with details of its June security update only just out. Unlike Samsung, though, this month’s Pixel update includes multiple critical updates, and a fix for a high-severity vulnerability Google says “may be under limited, targeted exploitation.” View this as an update now warning for millions of users.
In addition to the monthly security update, this is a quarterly drop of new Android features—perhaps the last before Android 15 later in the year. Unsurprisingly, this one includes AI add-ons—a must-have now that Apple has shot out of the traps with its innovative iOS 18 showcase. And so it’s also no surprise that more on-device, privacy-focused AI enhancements have come to the Pixel 8 and Pixel 8a, despite original expectations that hardware limitations would prevent this.
The critical June fixes address vulnerabilities in core Pixel software and firmware that could enable a local attacker to escalate device privileges, accessing functionality and data that should be locked down. As ever, such issues while unlikely to open the door to a remote attack on their own, could potentially be leveraged in a chain attack, linked with other exploits to destabilize or exfiltrate sensitive data and credentials.
It won’t be lost on Pixel users that the Android vulnerability landscape continues to make headlines, with the latest report detailing “90 malicious applications uploaded to the Google Play store—which have collectively garnered over 5.5 million installs.”
It also won’t be lost on those users paying attention to Google’s efforts to erect higher security fences around its devices that Android 15 previews have been far more security focused than we’ve ever seen before. New features includes a cellular intercept warning that’s hitting the mainstream for the first time, a “private space” to lockdown especially private data, and the introduction of a new AI-based live threat detection framework that should flag malicious apps more quickly.
Whether or not this is enough remains to be seen, and June’s long list of critical and high severity fixes may or may not provide reassurance. In reality, this month’s expansion of Nano capabilities across the Pixel footprint might make more of a difference. Apple’s shining a light on the limitations of on-device processing and the dangers of in-cloud processing are difficult for Google (and Samsung) to duck. Apple has presented a third way, a private cloud architecture that’s new and unique. They have changed the debate from the “on-device good, cloud bad” narrative that we expected, and consequently neither Google nor Samsung have an answer as yet.
Don’t expect much user reaction across Android or Pixel just yet—but give it 12-18 months as the novelty AI features we see today dovetail into always-on, always chatty device assistants that access our entire ecosystem of comms, calendars and calls. This is a nightmare in the making, and one we underestimate at our individual and collective peril. Google has made a fast start in the smartphone AI stakes, but this is going to be more a marathon than a sprint, and Android and Pixel need a strategy.
Meanwhile—turning to the here and now, Pixel owners will see the new security update hit their devices in the coming days. “All supported Google devices will receive an update to the 2024-06-05 patch level,” the company says. “We encourage all customers to accept these updates to their devices.” If it’s not available yet for your model and carrier, it will arrive some time this week. Watch for the notification and then ensure the update downloads and installs and the device restarts.
