Google this week announced that no security patches have been released for Android, Pixel devices, and other Android-based platforms this month, ending a decade-long streak of security updates.
As customary in the first week of each month, security bulletins were published for the core Android operating system, as well as for Pixel devices, Android Automotive OS (AAOS), Wear OS, and Pixel Watch, but they all contain the same message: there are no security patches in the July 2025 bulletin.
This is the first month without security updates since Google started rolling out monthly Android fixes in August 2015, looking to make the mobile operating system safer for both users and vendors.
The lack of security patches for July 2025 does not mean that Android has reached perfection in terms of security, albeit Google has made significant efforts to reduce the incidence of vulnerabilities across the ecosystem and to reduce the overall attack surface.
For example, the internet giant has added protections to make the exploitation of memory safety bugs such as use-after-free vulnerabilities more difficult, and adopted Rust, a programming language that is not plagued by the memory safety hazards C++ has.
The adoption of Rust has led to a significant drop in memory safety bugs in Android, Google said in September 2024, a trend expected to continue as new code is developed using the memory-safe programming language, while the older code matures.
Since kicking off the practice of monthly security fixes in response to the critical Stagefright vulnerabilities, Google has fixed close to 8,000 flaws in Android, with each of the monthly rollouts also addressing dozens of issues in software from chip makers and other third-party components.
For example, Qualcomm this week announced patches for multiple critical- and high-severity defects, while MediaTek warned of high-severity issues in its chipsets, and the lack of July 2025 security updates for Android may delay the delivery of some of these fixes for billions of users.
During the first half of 2025, Google shipped fixes for roughly 270 vulnerabilities in Android and its third-party components, including six zero-days. Since August 2015, it has patched around 40 zero-days in the platform.
Related: Over 30 Vulnerabilities Patched in Android
Related: Android Update Patches FreeType Vulnerability Exploited as Zero-Day
Related: Android Update Patches Two Exploited Vulnerabilities
Related: Google Patches Pair of Exploited Vulnerabilities in Android
