It said that while the number of issues being fixed was high, there is no evidence of a real world threat on even the most serious flaws.
"The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," it said.
"We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google service mitigations section for details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform. We encourage all customers to accept these updates to their devices."
One of the fixes relates to a flaw first reported to the company on 3 January on 2014 and another on 25 December 2014.
LG, a third party that offers handsets running Android, has reacted to the patches already. It says that they cover a mix of vulnerabilities and that at least one is very critical. Left unchecked it would allow for remote code execution, and no one wants that kind of threat live in their pocket.
"The January Security Bulletin contains the patches for the vulnerabilities from Google and LG. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," said LG in its information.
"The security patch level is [2107-01-01] and the patches contains the fix for the CVE items and the 8 LVE items."
LG recommends all users update their devices to the latest version of the software.
400 engineers have been working in secret on electric car project for the past two years, admits James Dyson
Russian Taiga smartphone promises snoop-proof communications - coming soon to employees of Russian state-owned firms
Eugene Kaspersky's ex outs smartphone that claims to prevent apps from spying on users
Deloitte accused of leaving its internal Active Directory server exposed to the internet with RDP open
Deloitte accused of lax systems administration and security practices over email hack
Lax systems administration practices blamed for exposing millions of sensitive client emails