A security leak has left Android devices from manufacturers such as Samsung, LG and others, vulnerable to malware apps that steal user data and can gain access to their devices.
The reason why the leak is dangerous is that it contains platform certificates, which are used to verify apps and sign off on Android builds for these apps. In the wrong hands, these certificates can be potentially used to create apps that will be flagged as authentic by Android, even when they are not. The Android signing certificates were leaked from multiple partner OEMs. Worse, the certificates are also used to determine whether the version of Android running on your phone is legitimate.
Unfortunately, the disclosure of the leak does not specify which OEM vendors were affected but as 9to5Google points out, it does show an example hash of malware files. Using this, the publication managed to find out some of the organisations that have had certificates leaked. These include Samsung, LG and MediaTek among others. For now, Google is urging OEM partners to swap out the leaked certificates, so they can no longer be used. Google reported that the leak happened in May 2022, and stated that the users are protected against this vulnerability through Google Play Protect and “mitigation measures” implemented by OEM partners.
