Hackers deserve no praise from anyone, but one thing that can’t be denied is their creativity. They’ve found ways to penetrate secure systems, hijack hospital records and even skim your data from shopping carts on some of the world’s biggest marketplaces so it is needed to update your Android now.

But now, a new security flaw has been discovered that puts the ultimate privacy violation into the hands of cybercriminals: the ability to spy on users through their phone cameras so update your Android now.

This critical glitch extends to millions of Android phones, but a series of new patches might be able to keep your phone safe. Here’s what security researchers found, and how you can update your phone to protect your privacy.

Android cameras compromised by security flaw

According to research published by cybersecurity firm Checkmarx, a wide swathe of Android handsets are vulnerable to a security flaw that can let cybercriminals hijack cameras and microphones. Researchers fear a malicious app could exploit the flaw to spy on users by covertly recording audio and video.

The flaw is apparently related to Android’s built-in permissions settings, which don’t require authentication to open the camera or microphone so update your Android now. All a malicious app needs to do is request access to storage — which nearly every app asks for upon installation.

Checkmarx researchers built a custom app to test the vulnerability, and found it confirmed their worst-case scenario predictions. They were also able to successfully hide that the app was spying by silencing the camera shutter.

Not only does the flaw allow hackers to eavesdrop on users, it can also pinpoint their geographical location. If a users allows for location data to be saved to images and videos, hackers spying on them will automatically know where they are.

To close this loophole, Google has issued patches and updates for its line of Pixel smartphones. Samsung has also released patches for its own handsets, and is encouraging users to update their devices as soon as possible.

It’s unknown how many other Android models are affected, or if there will be anything beyond Android software updates to combat the vulnerability.

Am I affected? How can I protect myself?

To stay safe, researchers and manufacturers alike are encouraging all users to update their phones immediately. This will install the latest camera software to prevent unauthorized snooping.

To update your phone, you’ll want to open the Settings app (the one with the gear-shaped icon). Near the bottom of the page, tap on System, then Advanced and finally, choose System Update.

If you’re on an older version of Android, you can open Settings, then System and tap About this phone if you don’t see an option for Advanced.

The menu you arrive at will allow you to check for the latest update, and download it if you haven’t already. Make sure to follow any instructions that appear on your screen carefully, and stay plugged into a power source to prevent your device from powering off mid-update.

If you’re a Google Pixel owner, you can turn off photo and video location stamps by navigating to the Camera app, tapping More, then Settings. On this page, turn off Save location.

This discovery, along with the quick updates by Google and manufacturers, underscore just how important security research is to the modern mobile ecosystem. Without the efforts of Checkmarx, we might never have noticed our phones were spying on us (or rather, hackers spying on us).

Our phones spy on us anyway — whether we like it or not. It’s just less about crime and more about marketing. Click or tap to see why your phone is listening to you.