Smartphones from Samsung and LG were reportedly susceptible to malware due to a significant Android breach that was first discovered by an employee at Google.

A Google employee and malware reverse engineer named ukasz Siewierski claims that certificates belonging to many Android OEMs were compromised and may have been used to insert malware into cellphones. Top Android manufacturers including Samsung, LG, and MediaTek were all susceptible to this flaw.

Platform certificates are used by companies like Samsung to ensure that their Android applications are secure and trustworthy. In the issue tracker, it is noted that applications signed with this certificate need a “android.uid.system is a very high-level user id with access to everything, including user data. The Android operating system allows any programme to declare that it wishes to run with a certain user id, granting it the same privileges as the app claiming the user id.”

Basically, applications that accept these certificates from major OEMs may get system-level rights without user intervention. The fact that malicious actors may mask their programmes as system apps is a major security risk. Applications that are part of the operating system have extensive access and may perform actions or see data that other apps cannot. These applications may even have greater access than you do.

The Samsung Messages app, for instance, is a potential vector for malware infection. The Samsung key might be used to sign this. Malware might then pose as an update, get past installation safeguards, and access almost all of your user data across all of your applications.

Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the “android” app itself. These certs are being used to sign malicious Android apps! https://t.co/lhqZxuxVR9December 1, 2022

See more

“OEM partners promptly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners. Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android.”

In addition, Samsung stated that patches have been available since 2016 and that “there have been no known security incidents regarding this potential vulnerability.”

Users should not be concerned about these vulnerabilities in Play Store apps thanks to Google Play Protect. However, you should always use the most recent version of Android and be wary of sideloading apps to your phone.