Google Told Samsung To Stop Messing Around With Android

Google has recently warned some smartphone manufacturers not to mess with Linux kernel codes in Android.

As stated by Project Zero, a security team of Google, lots of phone makers have altered the software in an attempt to make their own devices more secure. However, in most cases, they end up making it more vulnerable to attacks.

This warning is also for Samsung, which has recently messed with Android and exposed their devices to a wide range of threats. According to Google, manufacturers should stick to the onboard security measures of Android rather than altering the core kernel.

Jann Horn of Google took the Samsung Galaxy A50 as an example. When the Korean electronics giant made the changes, they added custom drivers, which created direct access to the kernel.

Samsung did this with an intention to improve the security of devices but at the same time, they accidentally created a corruption bug in the memory.

According to Samsung, the bug is just a moderate issue with double-free and use-after-free vulnerabilities on both Android 9 and Android 10. After learning about it, the company has patched the bug with the February update.

Horn also said that changes made by phone manufacturers were the primary sources of vulnerabilities and they could affect Google’s effort in securing Android.

He cited another example from Samsung, which was to keep an attacker, who was believed to gain “arbitrary kernel read/write,” under control. He said that Samsung had better ensure the attacker did not go that far rather than take measures when the hacker had already gained some authority.

Horn concluded that all vendors were advised to frequently apply updates from upstream kernels.

>>> Bill Gates Buys Porsche Instead Of Tesla, Elon Musk Gets Angry