
Gottagopestcontrol

Trusted News & Timely Insights

Warning: ‘Errors’ could make your Android phone ‘unsafe’

Experts say they have found “critical” security vulnerabilities in Android devices that put fingerprint and facial data at risk of theft.

The team at EPFL in Switzerland reportedly discovered over 30 issues in Google’s mobile operating system after hacking into the system to identify its vulnerabilities before malicious attackers could exploit them. Cybersecurity researcher Mathias Payer, who heads EPFL’s HexHive lab, said: “Vulnerabilities in smart devices are the Achilles heel that can compromise the most critical aspects of a mobile device.”

“The main risk is that hackers can break into your system and gain lifetime access to your data as long as you have the same phone. Your phone is no longer secure.”

To put it simply, Android processes information through three main layers. First, there is a security monitor that switches back and forth between the normal world and the world of encrypted data, the so-called “secure world”.

Then there’s a second layer that’s split in half, with one half storing encrypted, sensitive data and the other “normal” part being an open source operating system known as the Linux kernel. And finally, there’s the part you’d recognize – everyday apps.

EPFL claims it found security issues in all three layers using a technique called “fuzzing,” which uses a model to feed “unexpected code inputs” to software to reveal its problems. It said it found 34 bugs in “the most fundamental and privileged layer of Android security,” 17 of which were classified as “critical” – the highest risk category.

This puts sensitive information such as fingerprints, facial data, credit card and social security details on an Android device at risk of being stolen. They also claim that if Android devices are not updated “properly,” hackers could force a downgrade to more vulnerable versions of apps to obtain sensitive information.

To prove this, the team says it analyzed more than 35,000 trusted applications from various phone manufacturers. To make matters worse, they claim that iPhones could have similar vulnerabilities.

Payer continued, “We studied the Android system because of the open nature of its platform, but similar security flaws are likely present in the iPhone ecosystem as well. We see much less public security research on iPhones because of Apple’s closed approach, which forces researchers to first reverse engineer important information that is publicly available on Android.”

Before publishing their research, the team claimed it had complied with industry standards by responsibly disclosing the findings to affected vendors and giving them 90 days to make fixes. Philipp Mao, a PhD student who also worked on the project, added: “Android is a complex ecosystem with many different vendors and devices. Patching vulnerabilities is complex.”

“The insights from our research and our automated tools will help secure future systems.”

So what’s the final word? EPFL recommends keeping your phone’s system and apps up to date by installing newer versions wherever possible. Both Apple and Google have been contacted for comment on these findings.
