Android smartphone users, your device could be at risk!

The leak was reported by Łukasz Siewierski (via Mishaal Rahman), a Google employee and malware reverse engineer. He said that multiple platform certificates are being used to sign malware. He explains platform certificates as an application signing certificate which is used to sign the “android” application on the system image. The “android” application runs with a highly privileged user id – android.uid.system – and holds system permissions, including permissions to access user data.

These certificates are used to verify apps. Any other application signed with the same certificate can declare that it wants to run with the same user id, giving it the same level of access to the Android operating system. In other words, these certificates, if exploited by hackers, can be used to create apps that may look authentic.

“Applications signed with the platform certificate may declare that they want to share uid with the ‘android’ application, giving them the same set of permissions without user input”, says Łukasz Siewierski explaining the impact of the vulnerability on Android phones.

The Android Security Team has already informed the affected companies about the issue. It has advised impacted smartphone companies to ‘rotate the platform certificate by replacing it with a new set of public and private keys’. “Additionally, they should conduct an internal investigation to find the root cause of the problem and take steps to prevent the incident from happening in the future,” the company further added.

The issue was first reported in May 2022. As per Google, Samsung and other manufacturers have “taken remediation measures to minimize the user impact.” According to a XDR report, Samsung has issued a statement saying “We have issued security patches since 2016 upon being made aware of the issue, and there have been no known security incidents regarding this potential vulnerability.”