Tags:

• 2026060600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026060100 release:

• Launcher: fix upstream bug causing the recents button to become unresponsive for users with third party launchers
• replace validation of Play Store source stamps with a correct implementation (this isn't yet used for security-sensitive purposes but we plan to begin using it to replace security-relevant Play Store source checks in the near future)
• replace implementation of using Play Store source stamps as a substitute for Play Store installer checks included as part of Play Store anti-tampering protection enabled by certain apps (this prevents using the apps when combined with the Play Integrity API store lising toggles)
• Settings: correctly reset tethering offload developer setting when disabling developer options
• Settings: add one-time reset of tethering offload developer setting to re-enable it for everyone who had it disabled by the upstream Android bug when disabling developer options
• Settings: fix upstream null pointer exception bug in SettingsBasePreferenceFragment when listView is null which occurs with at least one of the developer options
• Pixel 10a: add missing SELinux policy for Pixel Camera TPU usage
• Vanadium: update to version 149.0.7827.59.0
• AppCompatConfig: update to version 5
• AppCompatConfig: update to version 6

All of the Android 16 security patches from the current July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026060601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604, CVE-2026-28618, CVE-2026-28639, CVE-2026-28662
• High: CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-0053, CVE-2026-0054, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0084, CVE-2026-28572, CVE-2026-28582, CVE-2026-28583, CVE-2026-28584, CVE-2026-28585, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28631, CVE-2026-28632, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28636, CVE-2026-28638, CVE-2026-28642, CVE-2026-28643, CVE-2026-28644, CVE-2026-28645, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28656, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28667, CVE-2026-28668, CVE-2026-28670, CVE-2026-28671
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.