New Year scams and delayed update channels are putting Android users at risk. Here’s a 10-step Android security checklist—updates, permissions, Find Hub, backups, and more—to lock down your phone today.
December 29 is one of the worst days of the year to be careless with your phone. You’ve got year-end travel, new devices being set up, family group chats buzzing—and scammers know it.
Today’s most alarming headline for Android users is a “New Year greeting” WhatsApp scam that pushes people to install a malicious APK (Android app installer file) disguised as a festive message or photo. Cyber experts quoted by The Indian Express warn that these fake apps can ask for high-risk permissions (like SMS and notification access) and then use them to intercept OTPs, take over accounts, and trigger unauthorized transactions. [1]
At the same time, another update-related story is confusing millions: Samsung has confirmed that some Galaxy phones aren’t receiving the latest “Google Play system updates”, with the date stuck at mid-2025 for some devices. Samsung told heise online it paused distribution of Google updates during major One UI/new device rollout periods to avoid potential issues, and plans to include the Google update in January 2026. [2]
And if you needed a third reason to do a quick security sweep today: Google’s Android Security Bulletin for December 2025 says devices on security patch level 2025-12-05 or later address all issues in the bulletin, and it flags two vulnerabilities as showing signs of limited, targeted exploitation. [3]
Put those together and the message is simple: today is a great day to run an Android security checklist—before your phone (or your bank account) becomes someone else’s New Year “gift.”
Today’s Android security news you should know (Dec 29, 2025)
1) WhatsApp “New Year greeting” APK scam: what’s happening
The scam starts with a WhatsApp message urging you to download an APK to view a “custom greeting,” often dressed up as something friendly and festive. The Indian Express reports that once installed, the malicious app may request permissions that make no sense for a greeting (SMS, notification access, contacts/storage), then use them to read OTPs, monitor alerts, spread itself through WhatsApp, and in some cases enable unauthorized transactions. [4]
Key rule: If a greeting requires installing an app, it’s not a greeting. [5]
2) Confusing updates on Samsung: security patch vs Google Play system update
Samsung confirmed to heise online that it temporarily suspended distribution of some Google updates during major One UI/new device periods, with a plan to include the Google update in January 2026. [6]
This matters because Android has more than one “update” channel:
- Security patch level (often delivered by the manufacturer)
- Google Play system update (a modular update channel Google uses for some core components)
- Google Play services / Play Store updates (app/service updates)
SamMobile notes many Galaxy phones have fallen behind on Google Play system updates (some since August/July), even while still receiving Samsung’s regular security patches. [7]
3) December 2025 Android Security Bulletin: what to check on your phone
Google’s December 2025 bulletin says patch level 2025-12-05 or later addresses all listed issues and calls out two CVEs as potentially exploited in limited, targeted attacks. [8]
Bottom line: check your patch level today—and don’t assume “I updated recently” means you’re current.
The 10-step Android security checklist to run today
Android Authority recently published a practical 10-item checklist of the Android privacy and security settings they review regularly. Below is an expanded, year-end version—built on that checklist and updated for today’s scams and update confusion. [9]
1) Check for Android security updates (and don’t forget Google Play system updates)
This is the fastest, highest-impact win.
What to do (typical path):
- System update (manufacturer/OS): Settings → System → Software update (exact wording varies)
- Google Play system update: Settings → Security & privacy → System & updates → Google Play system update [10]
What “good” looks like today:
Google says security patch level 2025-12-05 or later addresses all December bulletin issues. [11]
If you’re on Samsung and the Play system update looks “stuck”:
That may be intentional during One UI rollout windows, with Samsung saying Google updates are planned to resume in January 2026. Still, you should keep your Android security patch level current when your device offers it. [12]
2) Uninstall apps you don’t use—and review your default apps
Unwanted apps add risk and clutter: more code, more permissions, more potential exposure.
Do this:
- Settings → Apps → sort by least used (if your device supports it) → uninstall what you don’t recognize or no longer need [13]
- Settings → Apps → Default apps (or similar) → confirm your browser, SMS, phone, and payment defaults haven’t changed unexpectedly [14]
Why it matters today: Many APK-based scams depend on you installing “just one” app you didn’t need in the first place. [15]
3) Audit high-risk permissions (SMS, Notifications, Accessibility)
If you do only one deep check, do this one.
Android Authority recommends regularly reviewing app permissions via the Permission Manager. [16]
Where to look:
- Settings → Security & privacy → Permission manager [17]
What to look for (red flags):
- Apps with SMS access
- Apps with notification access
- Apps with Accessibility privileges (often abused by malware for “remote control” behavior)
In the WhatsApp New Year greeting scam coverage, experts specifically describe malicious APKs requesting SMS and notification-related access, then using it to read OTPs and monitor transaction alerts. [18]
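The same audit can be run from a workstation over adb. The script below is an added example, not from the article or its sources: it parses the output of `adb shell dumpsys package packages` and of `adb shell settings get secure enabled_notification_listeners` / `enabled_accessibility_services`, and lists every app that holds SMS, notification, or Accessibility access. The sample text and package names are constructed.

```python
import re

SMS_PERMS = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"}  # can read or send OTP texts
PKG_RE = re.compile(r"^\s+Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s+android\.permission\.(\w+): granted=true")

def sms_grants(dumpsys_text):
    """Map package -> granted SMS permissions (input: `adb shell dumpsys package packages`)."""
    found, current = {}, None
    for line in dumpsys_text.splitlines():
        if line and not line[0].isspace():
            current = None  # new top-level section, e.g. "Shared users:"
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
        g = GRANT_RE.match(line)
        if g and current and g.group(1) in SMS_PERMS:
            found.setdefault(current, set()).add(g.group(1))
    return found

def component_packages(setting_value):
    """Packages in a colon-separated component list (input: `adb shell settings get secure <key>`)."""
    value = setting_value.strip()
    if value in ("", "null"):  # "null" is printed when the key is unset
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def audit(dumpsys_text, listeners, a11y, allowlist=frozenset()):
    """Return {package: sorted reasons} for every package not in the allowlist."""
    report = sms_grants(dumpsys_text)
    for pkg in component_packages(listeners):  # key: enabled_notification_listeners
        report.setdefault(pkg, set()).add("NOTIFICATION_LISTENER")
    for pkg in component_packages(a11y):       # key: enabled_accessibility_services
        report.setdefault(pkg, set()).add("ACCESSIBILITY_SERVICE")
    return {p: sorted(r) for p, r in report.items() if p not in allowlist}

# Constructed sample input; package names are hypothetical.
SAMPLE_DUMPSYS = """Packages:
  Package [com.example.greetingcard] (1a2b3c):
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=false, flags=[ USER_SET ]
"""
SAMPLE_LISTENERS = "com.example.greetingcard/.Listener:com.example.wearable/com.example.wearable.Sync"

if __name__ == "__main__":
    print(audit(SAMPLE_DUMPSYS, SAMPLE_LISTENERS, "null"))
```

Pass the packages you expect to hold these privileges (your SMS app, a wearable companion) as `allowlist`; anything left in the report deserves a look in Permission manager.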
4) Tighten your “anti-scam” layer: Play Protect + smarter blocking
Google’s Android Security Bulletin highlights that Google Play Protect actively monitors for abuse and warns users about harmful apps, and notes it’s enabled by default on devices with Google Mobile Services—especially important for people who install apps outside Google Play. [19]
Checklist:
- Make sure Play Protect is enabled in Google Play
- Avoid installing apps from links/messages—even if the message looks like it came from someone you know (accounts get compromised)
Android Authority also stresses that blocking scam ads and fake dialogs is now a security issue, not just an annoyance. [20]
5) Run an “unknown tracker” scan (it takes seconds)
Android can detect unknown trackers nearby, but it’s worth manually scanning.
Path (as described by Android Authority):
Settings → Safety and Emergency → Unknown tracker alerts → Scan now [21]
Also check that Allow alerts is enabled so your phone can run periodic checks automatically. [22]
6) Confirm Find Hub and Theft Protection are actually on
If you lose your phone, this becomes the most important step you wish you’d done.
Android Authority recommends checking both Find Hub (Google’s device locator service) and Android’s Theft Protection settings (Theft Detection Lock, Offline Device Lock, Remote Lock). [23]
Livemint also called out Find Hub as a “crucial safety net,” especially because it may not be enabled by default on every device. [24]
Quick checklist:
- Open Find Hub and make sure your device appears and can be reached [25]
- Enable theft features:
  - Theft Detection Lock
  - Offline Device Lock
  - Remote Lock [26]
7) Check your backups are still backing up
Backups are security. They’re what let you wipe a compromised phone and recover without panic.
Android Authority’s checklist includes verifying backup status and checking for errors. [27]
Do this today:
- Check the last successful backup time
- Confirm photos, messages, and device settings are included (options vary by device maker)
8) Do a password refresh (and use a password manager properly)
Android Authority notes that while not everyone agrees on frequent password changes, a practical approach is to ensure:
- your important passwords are strong, and
- new logins are actually captured by your password manager (so you aren’t tempted to reuse weak passwords). [28]
Year-end best practice:
- Change passwords for:
  - your Google account
  - your primary email
  - banking/payment apps

…especially if you’ve reused them elsewhere.
9) Review recent Google account activity (devices + third-party access)
Your phone can be locked down—and your account can still be the weak point.
Android Authority recommends checking:
- third‑party apps/services connected to your Google account
- devices signed into your account
- recent security activity [29]
Practical approach:
- Remove devices you no longer own/use
- Remove third‑party apps you don’t recognize or trust
10) Cancel “sneaky” subscriptions you forgot you started
Security isn’t only about attackers—it’s also about reducing unnecessary access and recurring charges.
Android Authority recommends reviewing Google Play subscriptions regularly. [30]
Path:
Play Store → profile icon → Payments & subscriptions → Subscriptions → cancel what you don’t need [31]
If you received an APK on WhatsApp today, do this immediately
Based on the safety steps outlined in today’s WhatsApp New Year greeting scam coverage, here’s a clean, practical response plan. [32]
- Do not install it. Delete the message and warn the sender (their account may be compromised). [33]
- If you already installed it: uninstall the suspicious app immediately. [34]
- Disconnect from the internet and run a trusted mobile security scan. [35]
- Change passwords (WhatsApp, email, banking) from another, clean device. [36]
- Monitor bank activity and contact your bank if anything looks wrong. [37]
- In India, the article notes you can register a complaint via cybercrime.gov.in or call the cybercrime helpline 1930 (local guidance varies by country). [38]
The “15-minute year-end Android lockdown” order of operations
If you want the fastest, lowest-effort sequence:
- Update check (system + Play system update) [39]
- Permissions audit (SMS, Notifications, Accessibility) [40]
- Remove unused apps + defaults review [41]
- Find Hub + Theft Protection [42]
- Backups [43]
- Google account activity [44]
- Subscriptions cleanup [45]
Then set a recurring reminder: monthly for app/permission cleanups, and weekly or bi-weekly for update checks—especially around major OS updates and holiday scam seasons.
References
1. indianexpress.com, 2. www.heise.de, 3. source.android.com, 4. indianexpress.com, 5. indianexpress.com, 6. www.heise.de, 7. www.sammobile.com, 8. source.android.com, 9. www.androidauthority.com, 10. www.androidauthority.com, 11. source.android.com, 12. www.heise.de, 13. www.androidauthority.com, 14. www.androidauthority.com, 15. indianexpress.com, 16. www.androidauthority.com, 17. www.androidauthority.com, 18. indianexpress.com, 19. source.android.com, 20. www.androidauthority.com, 21. www.androidauthority.com, 22. www.androidauthority.com, 23. www.androidauthority.com, 24. www.livemint.com, 25. www.androidauthority.com, 26. www.androidauthority.com, 27. www.androidauthority.com, 28. www.androidauthority.com, 29. www.androidauthority.com, 30. www.androidauthority.com, 31. www.androidauthority.com, 32. indianexpress.com, 33. indianexpress.com, 34. indianexpress.com, 35. indianexpress.com, 36. indianexpress.com, 37. indianexpress.com, 38. indianexpress.com, 39. www.androidauthority.com, 40. www.androidauthority.com, 41. www.androidauthority.com, 42. www.androidauthority.com, 43. www.androidauthority.com, 44. www.androidauthority.com, 45. www.androidauthority.com
