Google’s May update for Pixels is here with a new anti-rollback bootloader

Google has started rolling out the Android 15-based May 2025 security patches to all eligible Pixel phones, tablets, and

foldables
, and the changelog is fairly minimal. But this one comes with a wrinkle — in order to block exploits from past versions, the bootloader has been updated with a new anti-rollback threshold on some models. In other words, once you update to the May 2025 security patches, there’s no going back to older firmware versions.

The company announced today’s update on its product forums, noting that it has a build number of BP1A.250505.005 on most eligible devices. The update is being seeded to all of Google’s Android devices starting today, from the Pixel 6 through the Pixel 9a, though the company notes that the rollout will be conducted in phases over the course of the next week.

Google’s release notes mention fixes for poor microphone quality in some apps, Bluetooth pairing with certain smartwatches, and a bug where the device’s secondary language was erroneously displayed in the Quick Settings.

Unfortunately, there’s no mention of the delayed notifications bug that has been plaguing many Pixel users since the April 2025 update rolled out. We will have to test the new version for a day or two to see if this issue has been resolved.

Zero-days and anti-rollback measures

On the factory images page for this version, Google explains that today’s update “increments” the anti-rollback version for the bootloader on the Pixel 6 series, Pixel 6a, Pixel 8 series, and Pixel 8a. The bootloader is a piece of low-level software that loads the Android system images when your phone starts up — not very different from your PC’s BIOS or UEFI loading up Windows — so it can be used to define a minimum OS version. With this update, the minimum OS version threshold has been raised to May 2025.

You’ll notice that Google mentions “previous vulnerable versions” in its warning about the new anti-rollback threshold. The purpose of raising this threshold is to prevent a bad actor from being able to flash older firmware over top of this update, thus making it possible to exploit a recently-patched vulnerability again.

Notably, two zero-day exploits (CVE-2024-53197 and CVE-2024-53150) were patched in last month’s Android security update, with one reportedly being used to hack into a Serbian student activist’s phone. The May 2025 Android Security Bulletin mentions yet another zero-day exploit (CVE-2025-27363) — one that Cyber Insider reports as having a “significant” risk of exploitation in the wild.

It’s likely that Google has implemented the newer anti-rollback threshold to prevent one or more of the recent zero-day exploits from being used on devices with unlocked bootloaders. On such devices, a bad actor would not be able to flash an older, vulnerable OS version in order to exploit one of these zero-days — at least, not after this update has been installed.

This does mean, however, that not even the device’s rightful owner will be able to flash back to an older OS version after installing today’s update. This shouldn’t be an issue for most people, but it might cause problems for folks looking to root their Pixel or flash a custom ROM.

Rollout and availability

As mentioned earlier, this update will be made available to all Pixel devices, from 2021’s Pixel 6 series to present. And while the rollout begins today, it may take as long as a week to reach all users, depending on device type and carrier. To see if it’s available on your Pixel, head to Settings → System → Software updates → System update and tap Check for updates.