Android Security Gaps: Experts Warn on 0-Click Exploits

Security researchers have identified critical vulnerabilities in Android devices, particularly the Pixel 9, exploitable through 0-click attack chains that require no user interaction. The analysis reveals that audio decoding processes in Google Messages and text-to-speech features create unnecessary attack surfaces by supporting rarely-used codecs like Dolby UDC. These decoders are typically not used for regular messaging but remain active, increasing vulnerability risks. Experts recommend removing uncommonly-used decoders from automatic processing to reduce exposure. The report also warns that AI-powered mobile features, while beneficial, may inadvertently expand 0-click attack surfaces without proper security review. Vendors must carefully evaluate how new features impact device security before deployment to protect users from sophisticated exploitation techniques.