It has been shared by Lukasz Siewerski, who is working as an engineer in Google, that Google’s Android Partner Valnarobility Initiative (APVI) has publicly revealed a new vulnerability, which affects Samsung, LG and other devices. The reason for this is to leak the platform signing of the OEMS, which is used to check the validity of the version running on the Android device. This can also be used to sign different apps.
According to 9to5google, Android rely on the app signed with the same, which is used to signed on the operating system. In such a situation, with those app signing keys, a wrong intention or hacker will be able to use Android’s “Shered User ID” system to give full (system-level) permissions on an affected device, after which all the data of that device can go into an outer hand.
The information given by Google in this case does not state which devices or OEMs were affected by it, but it shows the hash of the example of malware files. In addition, each file is uploaded on the virustotal, which often reveals the name of the affected company. Along with this, the report claimed that Samsung, LG, MediaTek, Szroco and Revoview have been leaked.
According to Google, the first step for each affected company is that it swap (or “rotate”) signed on its Android platform and do not use the leaked keys.
