Samsung made some critical changes to Android – Google says it made it less secure
C’mon, get it together.
Google’s security team, Project Zero, gave Samsung a little spanking this week for unintentionally making Android just a little bit less secure. See, a well-meaning security change to the Android kernel (the main chunk of the operating system) ended up adding more ways for a hacker to attack your phone.
Shame on you Samsung, you’re making Android security into a joke
There’s a long-established history of Android’s partners making changes to the core kernel, but sometimes those changes don’t go as planned. One such change was done recently by Samsung, with a new security feature for the Galaxy A50 that Google says introduced a memory corruption issue and potentially made Android less secure.
- Samsung’s new security feature doesn’t really block attackers, just existing “rooting” tools that aren’t customized to work on Samsung’s phones
- There’s another issue with a security subsystem that Google fixed in September 2018 but that fix didn’t make it into the Samsung version of the kernel. Combining the two gives an attacker full read/write privileges on the device
- Adding extra code like this makes future development harder, plus introduces more potential ways to attack the Android OS
Google’s researchers also go on to say that these kind of device-specific changes to the kernel should be done in userspace drivers instead, so they don’t reintroduce bugs that were already fixed or make future updates more complicated than necessary. That way, they could use existing, stable, secure pathways that are maintained by Google.
- Samsung will charge you $119 for a Galaxy Z Flip screen replacement
- The best new iOS and Android apps to download in February
- Uhhh, Google might have sent some of your private Google Photos videos to strangers
- Durability tests show that Samsung’s Galaxy Z Flip phone is highly prone to scratches