A new report says that a Major Android security leak left millions of Android devices including Samsung vulnerable to dangerous malware apps.
As per the report, this security leak has led to the creation of “trusted” malware apps that can gain access to Android devices from Samsung, LG, and others.
Google’s Android Partner Vulnerability Initiative (APVI) has publicly disclosed a new vulnerability that affected devices from Samsung, LG, Xiaomi, and others, thanks to Łukasz Siewierski (via Mishaal Rahman).
The affected companies are:
- Samsung
- LG
- Mediatek
- szroco (makers of Walmart’s Onn tablets)
- Revoview
According to Google’s brief explainer, the first step is for each affected company to swap out (or “rotate”) its Android platform signing keys to no longer use the ones that have been leaked.
In addition, Google has also urged all Android manufacturers to minimize how often the platform key is used to sign other apps. This is not for an application that needs the highest level of permissions.
Google says that the issue was first reported in May 2022. Samsung and other smartphone companies have already taken remediation measures to minimize the user impact of these major security leaks.
OEM partners promptly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners. Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android.
— Google spokesperson
There are some simple steps you can take to make sure your device stays secure. For one, be sure that you’re on the newest software version available for your device. You should avoid sideloading applications to your phone, even when updating an app that’s already installed on your device.
