NHTSA Complaint #11704355 — 2024 CHEVROLET SILVERADO 1500

Formal complaint — outdated Android/Google Built-In security patch level on 2024 Chevy Silverado; potential cybersecurity defect and negligent maintenance by manufacturer. I am submitting a formal complaint regarding a critical cybersecurity and software maintenance defect in my 2024 Chevy Silverado. The vehicle runs Google Built-In / Android Automotive OS with an Android Security Patch Level of February 2024 (as displayed under Settings → About → Android version). As of this writing in December 2025, this patch level is nearly two years outdated, with no available over-the-air (OTA) updates and no clear communication from General Motors or Google regarding continued support or end-of-life status. This condition exposes the infotainment and telematics systems to known and documented vulnerabilities, representing both a cybersecurity defect and potential consumer safety. Description of the defect: The infotainment system reports “Android Security Patch Level: February 2024.” Attempts to check for updates return “Your system is up to date.” The system shows a red exclamation mark beside the patch level, indicating a fault condition or known update gap. Neither the dealer nor OnStar/Customer Support can apply an update manually or clarify the support cadence. This leaves the vehicle permanently exposed to Android-level vulnerabilities discovered and patched long after February 2024. Security and regulatory implications: The infotainment system runs a network-connected OS with Bluetooth, Wi-Fi, cellular, and vehicle bus access. Unpatched Android components are subject to hundreds of known CVEs since February 2024 — including privilege-escalation, RCE (remote code execution), and Bluetooth/Wi-Fi stack vulnerabilities. The U.S. NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles (2022 update) and ISO/SAE 21434 require that manufacturers maintain timely security updates for all connected vehicle systems.