Millions of Android devices could be vulnerable from the moment they’re taken out of their boxes, thanks to a combination ofmanufacturer skinsand carrier bloatware added to the Android operating system’s firmware.

The news comes froma studyby mobile security firmKryptowire. It tested 10 devices sold across the U.S. by a variety of carriers and discovered that various additions made to the Android operating system by manufacturers and carriers could leave users open to being hijacked and hacked. According to Wired, these vulnerabilities ranged from getting unfettered access to the microphone to being able to completely lock a user out of their phone.

A particularly disturbing example was theAsus ZenFone V Live, which was discovered to have security flaws that could lead to the entire system being taken over. From there, a hacker could take screenshots, screen recordings, tampering with text messages and phone calls, and more. Asus is aware of this issue and is working to seal the hole.

Android’s open-source nature is one of its major strengths, and that accessibility has allowed manufacturers to put their own spins on Google’s operating system, whether that be the light changes made by Motorola, the larger changes made by Samsung, or the vast overhauls made by Huawei to the core Android systems.

While these changes allow each company to use Android while still being individual, tampering with such core code always comes with risks. In addition, having to make big changes to Google’s code often means that vital security patches and major updates can be much slower on phones with significant UI changes. Carrier bloatware — apps added after manufacture by networks — is often unremovable, can also add to security problems if delivered with security issues at the time of release.

In order to avoid possible security issues, it’s best to always make sure your phone is fully up-to-date and only ever install apps from the Google Play Store. Updates can commonly be found inSettings>System>Updates, though that may change from phone to phone. We’ve also put together a guide onhow to remove or disable bloatware, as well as some of thebest antivirus and security Android appsavailable, so you can ensure your security is in tip-top shape.