November marks the release of a new Android security patch. Google asserts that this update is intended to address a critical Android 14 storage bug that was preventing some users from accessing their devices. The November Security Bulletin features the usual array of security fixes, while the consumer-facing Pixel patch notes reveal a few user-oriented changes. Of particular significance is the line “Fix for issue occasionally causing devices with multiple users enabled to show out of space or be in a reboot loop.” The Pixel 6, Pixel 6a, 6 Pro, 7, 7 Pro, 7a, Tablet, Fold, Pixel 8, and Pixel 8 Pro are all covered under this fix.
The Android 14 storage bug has persisted for approximately 33 days. Devices with multiple users were affected by a storage issue that locked users out of their devices. Some devices were rendered completely unusable, experiencing constant boot loops without reaching the home screen. Others were able to boot up but encountered significant issues due to lack of access to lock storage. Some users have compared the bug to “ransomware,” a type of malware that encrypts local storage and demands payment for data recovery. While one solution is to perform a factory reset, many users are hesitant to do so.
Reports of this bug first surfaced just days after the October 4th launch date. Although Google typically rolls out updates gradually and can retract updates if issues arise, this bug was not addressed promptly, allowing it to affect numerous users. Following extensive user complaints, Google acknowledged the bug after approximately 20 days, attracting over 1,000 likes and 850 comments on the issue tracker thread.
Google has promised a rescue patch, but only “some” data is recoverable, and the update may not enable data recovery for devices that are repeatedly rebooting. This aligns with user experiences following the update, as those who can boot up have reported successfully fixed devices, while others encountering boot loops have not seen any improvements. Some users are still hoping for some form of data recovery, but it appears unlikely based on current findings.
This turn of events highlights a significant failure of Google’s controls and safeguards within Android. Despite gradual update rollouts and dual system partitions designed to mitigate boot failures, these mechanisms failed in this instance. Google also deployed a quick-fix patch via Google Play System Updates in the Play Store, but because the application passively waits for a reboot to apply the patch, users continued to be impacted by the bug days after the patch release. Additionally, the data backup system for apps, which was intended to serve as a safety net, has proven to be inadequate due to a lack of universal utilization.
This entire ordeal exposes a technical failure within several Android systems, indicating the necessity for critical changes to be made to prevent similar issues in the future.