Google Revealed Vulnerability Threatening Millions of Android Devices

by nativetechdoctor
1 minutes read

A new post on Google’s Android Partner Vulnerability Initiative (APVI) website has revealed a security flaw affecting millions of Android devices.

According to TechGoing , Google said that hackers exploiting this vulnerability will be able to install malware in many phones from Android OEM partners such as Samsung, LG, Xiaomi… Through the vulnerability, the software Malicious users can gain the highest privileges at the system level.

The cause of this vulnerability lies in the platform certificate. engineer Lukasz Siewierski Google was the first to discover the certificate issue, saying these certificates (or signing keys) determine the legitimacy of the Android version on the device, as well as allowing vendors to application signing.

Although Android assigns a unique user ID (UID) to each app at installation, apps that share a signing key can also have a shared UID and access to each other’s data. And this design allows applications signed with the same certificate as the operating system itself to receive the same privileges.

The crux of the problem is that some OEMs’ Android platform certificates have been leaked out and are now being abused to sign malicious apps with the same privileges as Android, Google said. These applications can obtain system-level privileges directly on the affected device without interacting with the user. Therefore, once an Android device is infected, that malware can access all the data without the user’s knowledge.

Related Posts

Leave a Comment

Discover more from freewareshome

Subscribe now to keep reading and get access to the full archive.

Continue reading

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.