News for nerds, stuff that matters
Samsung's Changes To Android Are Making Its Phones Less Secure, Says Google
Google scolded Samsung this week for an issue discovered on the Korean phone maker's Galaxy A50. From a report: Google says Samsung made "unnecessary changes to Android's core kernel," adding the changes Samsung made threaten rather than strengthen the phone's security. The tech giant has a vested interest in making sure Android is secure for OEMs and end users alike. Earlier this week Google announced it has made measurable efforts to limit malicious apps on its Google Play Store and it's clamping down on the permissions apps can request, resulting in a 98% reduction in requests for access to user's call history and text messages. It's also been tackling more worrying bugs, like self-reinstalling ones. But in this instance, it's a hardware partner that's causing the problems. In a detailed blog post from Google's Project Zero Team, researcher Jann Honn outlines the exact issue with Samsung's changes to the Android kernel on the A50. Samsung's changes included a security feature to restrict an attacker from reading or modifying user data, but Honn says the move is "futile" and rather than bolstering security, it introduces vulnerabilities that could increase an attacker's ability to arbitrarily execute code.