This major Android bug may have led to the creation of awful new malware apps

Your smartphone is probably at risk


Following a major security leak, devices from some of the world’s biggest Android smartphone manufacturers are vulnerable to malicious apps that the operating system treats as trusted.

The news comes from Google’s Android Partner Vulnerability Initiative’s (APVI) Łukasz Siewierski, who publicly disclosed the vulnerability in November 2022.

As noted by 9to5Google, Siewierski’s disclosure doesn’t directly reveal which major Android manufacturers have had their platform signing keys leaked, but virus scans of some affected files have confirmed that Samsung, LG, Xiaomi, MediaTek, szroco, and Revoview devices are affected. This is a developing and incomplete list.

Abusing trusted apps

To quote Mishaal Rahman, Technical Editor for cloud platform Esper, “this is bad. Very, very bad.”

The vulnerability allows threat actors to create malicious apps with system-level privileges, and even to integrate malicious code into pre-existing, non-malicious and trusted Android applications. The root cause is leaked platform signing keys.

A platform signing key is what a device uses to verify that the operating system it is running is legitimate. The same key is used to create platform-signed apps, those that a device manufacturer has verified as safe and free of malware.

Should a threat actor obtain these keys, they’d be able to use Android’s “shared user ID” system to craft a malicious application with full system access.

To make matters even worse, it’s not just newly built apps that can be abused like this. Already installed apps still need to be signed regularly, meaning threat actors could side-load malware into trusted apps in short order.

After re-signing, a simple app update, which Android then wouldn’t see as problematic, would be enough to infect a device.
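The two points above, that a platform-signed app can claim the system shared user ID and that a re-signed update is accepted silently, are what a defender would want to check for at scale. The following is an added triage example, not code from the article or from Google or any OEM. It assumes an analyst has already run `apksigner verify --print-certs` and `aapt dump xmltree <apk> AndroidManifest.xml` on a suspect APK and feeds that text in; the certificate fingerprints in the block list are constructed placeholders, because the article does not publish the leaked certificates, and the sample tool output is likewise constructed for the demonstration.

```python
import hashlib
import re
from typing import Dict, List, Optional, Set

# Constructed placeholder: an organisation would populate this with the SHA-256
# fingerprints of the compromised OEM platform certificates it has identified.
# The value below is NOT a real leaked certificate.
LEAKED_PLATFORM_CERT_SHA256: Set[str] = {"deadbeef" * 8}

SYSTEM_SHARED_UID = "android.uid.system"

# apksigner prints one "Signer #N certificate SHA-256 digest: <hex>" line per signer.
_SHA256_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M
)
# aapt's xmltree dump shows manifest attributes as A: android:name(0x...)="value".
_SHARED_UID_RE = re.compile(r'android:sharedUserId\([^)]*\)="([^"]*)"')


def parse_signer_digests(apksigner_output: str) -> List[str]:
    """Extract every signer certificate SHA-256 from apksigner --print-certs text."""
    return [m.group(2).lower() for m in _SHA256_RE.finditer(apksigner_output)]


def parse_shared_user_id(aapt_xmltree_output: str) -> Optional[str]:
    """Return the android:sharedUserId declared in the manifest dump, if any."""
    m = _SHARED_UID_RE.search(aapt_xmltree_output)
    return m.group(1) if m else None


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, the same digest apksigner prints."""
    return hashlib.sha256(der_bytes).hexdigest()


def triage(apksigner_output: str, aapt_xmltree_output: str,
           leaked: Set[str] = LEAKED_PLATFORM_CERT_SHA256) -> Dict[str, object]:
    """Rate an APK by whether it is signed with a known-compromised platform key
    and whether it asks to share the system UID (the combination the article
    describes as granting full system access)."""
    digests = parse_signer_digests(apksigner_output)
    shared_uid = parse_shared_user_id(aapt_xmltree_output)
    matched = [d for d in digests if d in leaked]
    wants_system = shared_uid == SYSTEM_SHARED_UID

    if matched and wants_system:
        severity = "critical"   # leaked key + system UID: would run as system
    elif matched:
        severity = "high"       # leaked key alone still bypasses OEM trust
    elif wants_system:
        severity = "review"     # system UID requested but signer unknown
    else:
        severity = "none"

    return {
        "signer_digests": digests,
        "leaked_key_match": bool(matched),
        "requests_system_uid": wants_system,
        "severity": severity,
    }


# Constructed sample tool output for a hypothetical APK; not from a real device.
SAMPLE_APKSIGNER = """Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Signer #1 certificate DN: C=US, O=Example OEM, CN=platform
Signer #1 certificate SHA-256 digest: deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Signer #1 certificate SHA-1 digest: 0000000000000000000000000000000000000000
"""

SAMPLE_AAPT = """N: android=http://schemas.android.com/apk/res/android
  E: manifest (line=2)
    A: android:sharedUserId(0x0101000b)="android.uid.system" (Raw: "android.uid.system")
    A: package="com.example.updater" (Raw: "com.example.updater")
"""

if __name__ == "__main__":
    print(triage(SAMPLE_APKSIGNER, SAMPLE_AAPT))
```

A match against the block list is a signal for review rather than proof of malice on its own, since genuine OEM system apps are signed with the same platform key; the point of the `severity` ladder is to surface platform-key-signed packages that arrived outside the system image, and especially those that also request the system shared UID.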

The issue was first spotted by Google in May 2022, and the company claims that all affected manufacturers have taken “remediation measures to verify the user impact”, although no further details were given.

It’s still unclear if these measures have worked, as 9to5Google also claimed some of the vulnerable keys were used in Android apps from Samsung within the last few days at time of writing.

Still, Google said Android phones are protected in a number of ways, including through Google Play Protect, OEM mitigations, and more. Apps residing in the Play Store are safe, too, apparently.

“OEM partners promptly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners,” a spokesperson for the company said.

“Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
