Executive Summary

Google has published its February 2026 Android Security Bulletin and the accompanying Pixel Update Bulletin, detailing the latest batch of security fixes for its supported Google Pixel devices. The over-the-air (OTA) update addresses a range of security vulnerabilities in the Android framework, system components, and vendor-specific drivers. By installing the update, devices will be brought to the 2026-02-05 security patch level, which signifies that all vulnerabilities described in the February bulletins have been remediated. All Google Pixel owners are strongly encouraged to install the update to protect their devices and data.

Vulnerabilities Addressed

Monthly Android security updates are composed of patches for vulnerabilities discovered by Google, third-party researchers, and hardware partners. The February 2026 update is split into two main patch levels:

• 2026-02-01: This patch level addresses vulnerabilities in core Android components.
• 2026-02-05: This is a complete patch level that includes all the fixes from 2026-02-01, plus additional patches for kernel and vendor-specific vulnerabilities. All Pixel devices will receive the 2026-02-05 patch level.

While specific details on the most critical flaws are often withheld for a period to allow for user adoption, these updates typically fix vulnerabilities ranging from moderate to critical, including flaws that could lead to remote code execution (RCE), privilege escalation, or information disclosure.

Affected Products

All supported Google Pixel devices are eligible for the February 2026 update. This generally includes the Pixel 6 series and newer, though the exact list depends on Google's official support lifecycle for each model.

Impact Assessment

The vulnerabilities patched in these monthly updates could, if left unpatched, allow a malicious actor to compromise a device. This could be achieved through various vectors, such as tricking a user into installing a malicious app, visiting a malicious website, or via a remote, interaction-less exploit in a networking component. A successful compromise could result in the theft of personal data, financial information, and credentials, or the use of the device for surveillance.

Deployment Priority

This is a critical security update that should be installed as soon as it is available. The public disclosure of these vulnerabilities means that threat actors will soon begin analyzing them to develop exploits. Promptly updating is the only way to stay ahead of this threat.

Installation Instructions

Most users will receive an over-the-air (OTA) notification to download and install the update.

1. Go to Settings > System > System update.
2. Tap Check for update.
3. If an update is available, follow the on-screen instructions to download and install it.

For advanced users, factory images and OTA files are also available on the Google for Developers website for manual flashing.