diff --git a/Dockerfile.android b/Dockerfile.android
index 17762d5..f74c044 100644
--- a/Dockerfile.android
+++ b/Dockerfile.android
@@ -15,20 +15,20 @@ USER 0
 ENV ANDROID_HOME=/opt/android-sdk
 ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
 
-# Download and install Android SDK command-line tools
+# Download Android SDK command-line tools, install SDK components, and remove vulnerable lint-psi
 RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
     curl -fsSL "https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip" \
       -o /tmp/cmdline-tools.zip && \
     unzip -q /tmp/cmdline-tools.zip -d /tmp/cmdline-tools && \
     mv /tmp/cmdline-tools/cmdline-tools "${ANDROID_HOME}/cmdline-tools/latest" && \
-    rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools
-
-# Accept licenses and install SDK components
-RUN yes | sdkmanager --licenses > /dev/null 2>&1 && \
+    rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools && \
+    yes | sdkmanager --licenses > /dev/null 2>&1 && \
     sdkmanager --install \
       "platform-tools" \
       "platforms;android-${ANDROID_COMPILE_SDK}" \
-      "build-tools;${ANDROID_BUILD_TOOLS}"
+      "build-tools;${ANDROID_BUILD_TOOLS}" && \
+    # Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
+    rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi"
 
 # Download Flutter SDK and strip unnecessary files
 RUN curl -fsSL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${FLUTTER_VERSION}-stable.tar.xz" \