Google revealed a certificate leak that will affect millions of Android phones from Samsung, LG, Xiaomi and others. The leak made it possible to create a malware application that gains access to the entire Android operating system.
This information was shared by Googler Łukasz Siewierski with 9to5Google. The certificate in question is a platform certificate meant to verify the authenticity of the "Android" apps that are part of every phone, but it is also used to sign individual apps from manufacturers.
According to Android Central, companies like Samsung use platform certificates to validate their applications for use on Android. The catch is that these certificates carry the highest level of access to the system, allowing almost unrestricted access to user data.
That's why it's such a big problem when malware gets hold of the platform certificates used by Android apps. Bad actors can obtain equally broad permissions.
Malware that uses platform certificates can gain system access without any user interaction at all. Typically, Android malware has to go to great lengths to ask the user to provide further permissions, such as access to accessibility services, which are then used to extract data and information from other apps.
When malware uses the same certificate as a root Android app, it doesn't need to jump through those hoops. Malware can also pretend to be a trusted pre-installed application and appear to users as an update, making it even more difficult to discover that something is wrong.
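A defender can check for both cases described above by auditing which packages on a device carry the platform signature. The following is an added example, not code from Google or any OEM: it assumes a package inventory has already been collected (the `Pkg` fields, the `TRUSTED_INSTALLERS` set and all sample data are constructed for illustration) and flags platform-signed packages that are not part of the system image, or that replaced a pre-installed app from an untrusted source.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: only the Play Store counts as a trusted update channel here.
TRUSTED_INSTALLERS = {"com.android.vending"}

@dataclass(frozen=True)
class Pkg:
    name: str
    signer_sha256: str        # digest of the APK signing certificate
    on_system_image: bool     # a copy ships in the factory/OTA image
    updated: bool             # a user-space copy overrides the shipped one
    installer: Optional[str]  # installing package; None means sideloaded

def platform_signers(inventory):
    """The core "android" package is signed with the platform certificate."""
    return {p.signer_sha256 for p in inventory if p.name == "android"}

def audit(inventory):
    """Return (package, reason) for platform-signed packages of doubtful origin."""
    platform = platform_signers(inventory)
    findings = []
    for p in inventory:
        if p.signer_sha256 not in platform:
            continue  # ordinary app: no platform-level trust to abuse
        untrusted = p.installer not in TRUSTED_INSTALLERS
        if not p.on_system_image:
            findings.append((p.name, "platform-signed but not part of the system image"))
        elif p.updated and untrusted:
            findings.append((p.name, "update to a pre-installed app from an untrusted source"))
    return findings

# Constructed inventory; digests and com.example.* names are placeholders.
PLATFORM = "aa" * 32
SAMPLE = [
    Pkg("android", PLATFORM, True, False, None),
    Pkg("com.example.oem.settings", PLATFORM, True, True, "com.android.vending"),
    Pkg("com.example.oem.gallery", PLATFORM, True, True, None),
    Pkg("com.example.flashlight", PLATFORM, False, False, None),
    Pkg("com.example.game", "bb" * 32, False, False, "com.android.vending"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```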
Luckily, the Android Security Team revealed that the OEM has fixed the issue.
"OEM partners immediately implemented mitigation actions as soon as we reported a major breach. End users will be protected by user mitigations implemented by OEM partners. Google has implemented broad detection for malware in the Build Test Suite, which scans system scans. Google Play Protect also detects malware. There is no indication that this malware is or has ever been in the Google Play Store. As always, we advise users to make sure they are running the latest version of Android," said the Android Security Team.
Samsung also notified Android Police in a statement that the update had been issued since 2016 and that "there are no known security incidents regarding this potential vulnerability."
Because of the protection provided by Google Play Protect, users need not worry about these vulnerabilities in the apps they install from the Play Store. Still, you should always be wary of sideloading apps onto your Android phone and always make sure you are using the latest version of Android.