Currently, Android is one of most welcomed operating systems. Nevertheless, is Android excellent enough to ensure data security? It is of course not. Surely, it can not be denied that Google is improving security protocol of Android because of great pressure, but this improvement can not keep data in Android absolutely safe. The first proof of concept bug has been released, and it was found from Webkit platform for the first time. And Google has fixed this bug in Android 2.2 namely Froyo. However, devices installing Froyo just are just a small part of Android devices, which means most Android users may be attacked because of this bug. In addition, there are many potential bugs in kernel of Android 2.2, which threat Android data security along with Webkit bug. Vanja Svajcer, a chief virus researcher in Sophos, suggests Google developing an automatic security update mechanism which is similar to traditional desktop system to confirm Android data security. Of course, there are hardly differences between current smart phones and desktop computers used several years ago. Therefore, flexible and safe security update mechanism is not strange to operating system developers and mobile phone manufacturers. We hope this mechanism could be developed as early as possible.