Connect with us

Android

Samsung made some critical changes to Android – Google says it made it less secure

C’mon, get it together.

samsung phone on table
Image: Unsplash

Google’s security team, Project Zero, gave Samsung a little spanking this week for unintentionally making Android just a little bit less secure. See, a well-meaning security change to the Android kernel (the main chunk of the operating system) ended up adding more ways for a hacker to attack your phone.

Whoops.

Shame on you Samsung, you’re making Android security into a joke

There’s a long-established history of Android’s partners making changes to the core kernel, but sometimes those changes don’t go as planned. One such change was done recently by Samsung, with a new security feature for the Galaxy A50 that Google says introduced a memory corruption issue and potentially made Android less secure.

  • Samsung’s new security feature doesn’t really block attackers, just existing “rooting” tools that aren’t customized to work on Samsung’s phones
  • There’s another issue with a security subsystem that Google fixed in September 2018 but that fix didn’t make it into the Samsung version of the kernel. Combining the two gives an attacker full read/write privileges on the device
  • Adding extra code like this makes future development harder, plus introduces more potential ways to attack the Android OS

Google’s researchers also go on to say that these kind of device-specific changes to the kernel should be done in userspace drivers instead, so they don’t reintroduce bugs that were already fixed or make future updates more complicated than necessary. That way, they could use existing, stable, secure pathways that are maintained by Google.

What do you think? Surprised Samsung is messing up security for Android operating systems? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Android