A new post on Google’s Android Partner Vulnerability Initiative (APVI) website has revealed a security flaw affecting millions of Android devices.
According to TechGoing, Google said that attackers exploiting this vulnerability can install malware on many phones from Android OEM partners such as Samsung, LG, Xiaomi and others. Through the vulnerability, malicious software can gain the highest privileges at the system level.
The cause of this vulnerability lies in the platform certificate. Google engineer Lukasz Siewierski was the first to discover the certificate issue; he explained that these certificates (or signing keys) establish the legitimacy of the Android version on the device and are also used by vendors to sign applications.
Although Android assigns a unique user ID (UID) to each app at installation, apps that share a signing key can also share a UID and gain access to each other’s data. This design means that applications signed with the same certificate as the operating system itself receive the same privileges as the operating system.
The crux of the problem is that some OEMs’ Android platform certificates have been leaked and are now being abused to sign malicious apps that carry the same privileges as Android itself, Google said. Such applications obtain system-level privileges directly on the affected device without any user interaction. Once an Android device is infected, the malware can therefore access all of its data without the user’s knowledge.
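As a defender, the practical check that follows from the two points above (a platform signature grants system-level privileges, and some platform certificates have leaked) is to look for installed apps that carry a platform signature but are not part of the vendor's own system image. The script below is an added example written for this article, not code from Google or from the APVI post: it parses the output of `apksigner verify --print-certs` (a real Android SDK build-tools command), compares each signer digest against a list of platform-certificate digests, and also checks whether a decoded manifest requests `android.uid.system` via `sharedUserId`, which only takes effect when the APK is platform-signed. The digests, package names, tool output and manifests are constructed placeholders, not real certificate values.

```python
"""Triage APKs for platform signatures (added example, not from the article).

Inputs are the text printed by `apksigner verify --print-certs <apk>`, a
decoded AndroidManifest.xml, the SHA-256 digests of the vendor's platform
certificates (from the vendor's own build or a published leaked-cert list),
and the packages the vendor legitimately ships with a platform signature.
All digests, package names, tool output and manifests below are constructed.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Set

# Digest line format emitted by `apksigner verify --print-certs`.
DIGEST_RE = re.compile(r"Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})")

# Manifest attribute namespace. Requesting android.uid.system only takes
# effect when the APK is signed with the platform certificate.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed placeholders standing in for real platform-certificate digests.
PLATFORM_CERTS: Set[str] = {"aa" * 32, "bb" * 32}

# Constructed list of packages the vendor ships with a platform signature.
SYSTEM_PACKAGES: Set[str] = {"com.vendor.settings", "com.vendor.telephony"}


@dataclass
class Verdict:
    package: str
    digests: List[str]
    platform_signed: bool
    known_system_app: bool
    requests_system_uid: bool

    @property
    def suspicious(self) -> bool:
        # A platform-signed app that is not one of the vendor's own system
        # packages is the pattern the article describes.
        return self.platform_signed and not self.known_system_app


def signer_digests(apksigner_output: str) -> List[str]:
    """Extract every signer certificate SHA-256 digest from apksigner output."""
    return [d.lower() for d in DIGEST_RE.findall(apksigner_output)]


def requests_system_uid(manifest_xml: str) -> bool:
    """True if the decoded manifest asks to share the system UID."""
    root = ET.fromstring(manifest_xml)
    return root.get(ANDROID_NS + "sharedUserId") == "android.uid.system"


def triage(package: str, apksigner_output: str, manifest_xml: str,
           platform_certs: Set[str] = PLATFORM_CERTS,
           system_packages: Set[str] = SYSTEM_PACKAGES) -> Verdict:
    """Combine signature and manifest evidence into one verdict."""
    digests = signer_digests(apksigner_output)
    return Verdict(
        package=package,
        digests=digests,
        platform_signed=any(d in platform_certs for d in digests),
        known_system_app=package in system_packages,
        requests_system_uid=requests_system_uid(manifest_xml),
    )


# Constructed sample apksigner output: one platform-signed, one third-party.
SAMPLE_PLATFORM_SIGNED = (
    "Signer #1 certificate DN: CN=Android, O=Vendor\n"
    f"Signer #1 certificate SHA-256 digest: {'aa' * 32}\n"
    f"Signer #1 certificate SHA-1 digest: {'11' * 20}\n"
)
SAMPLE_THIRD_PARTY = (
    "Signer #1 certificate DN: CN=Some Developer\n"
    f"Signer #1 certificate SHA-256 digest: {'cc' * 32}\n"
)

# Constructed sample manifests.
SAMPLE_MANIFEST_SYSTEM_UID = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.dropper" android:sharedUserId="android.uid.system"/>'
)
SAMPLE_MANIFEST_PLAIN = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.notes"/>'
)

if __name__ == "__main__":
    cases = [
        ("com.example.dropper", SAMPLE_PLATFORM_SIGNED, SAMPLE_MANIFEST_SYSTEM_UID),
        ("com.vendor.settings", SAMPLE_PLATFORM_SIGNED, SAMPLE_MANIFEST_SYSTEM_UID),
        ("com.example.notes", SAMPLE_THIRD_PARTY, SAMPLE_MANIFEST_PLAIN),
    ]
    for pkg, out, manifest in cases:
        v = triage(pkg, out, manifest)
        print(f"{pkg}: platform_signed={v.platform_signed} "
              f"system_uid={v.requests_system_uid} suspicious={v.suspicious}")
```

On a real device the inputs come from pulling each APK (`adb shell pm path <pkg>` then `adb pull`), running `apksigner verify --print-certs` on it, and decoding the binary manifest with a tool such as `aapt dump xmltree`; the digest allow-list must come from the vendor's own platform certificate for that build, since a third-party app matching it is the exact condition described above.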