- A new smartphone security leak has left Android devices from brands like Samsung and LG vulnerable to malware apps.
- The leak contains platform certificates, which are used to verify apps and sign off on Android builds.
- These certificates can be used to create apps which will be flagged as authentic by Google, even if they are not.
If you are using an Android smartphone, watch out, as a new security leak has left various smartphones from Samsung, LG, and other manufacturers vulnerable to malware apps, that can potentially steal your user data and can even gain access to your device. The new data leak, that has recently been reported, is pretty dangerous, as it can flag any spammy/malicious app as a verified app and can potentially cause a lot of trouble.
New security leak leaves Android devices vulnerable
The security leak contains platform certificates, which are used to verify apps as genuine and safe apps and sign off on Android builds for such apps. If the leaked information gets into the wrong hands, these certificates can easily be used to create scam apps which will be flagged as authentic by Android, even if they are not.
The Android signing certificates were leaked from multiple partner OEMs recently. These certificates are even used to determine whether the Android build your device is running on is genuine.
For now, it is rather unclear as to which OEM vendor(s) were affected, but a report suggests that some manufacturers, including (but not limited to) Samsung and LG have been affected. Even chip manufacturer MediaTek has taken the hit. Google is currently urging OEM partners to swap out the leaked certificates, so that they cannot be used any more.
According to Google, the leak happened way back in May 2022 and the users are protected against the vulnerability through Google Play Protect and various “mitigation measures” that OEMs so far have implemented.