Android security has always been a matter to pay a lot of attention. There is no doubt that everything has improved a lot over the years, because after a few beginnings in which it was possible to upload practically anything to the app store. Over time. Google has been implementing multiple security measures, in addition to recognizing trusted developers. Thus, at present downloading apps from Google Play is quite safe.
Malicious apps are still known to have managed to sneak into the Android app store. Sometimes these are detected by Google itself, on other occasions by companies and security researchers, and complaints by users are also very helpful in this regard. And speaking of this, it’s always a good time to remember an essential habit for all Android users, which is to review the permissions granted to an app when installing it, to verify that they correspond to what it needs to function correctly. The paradigmatic case in this regard was a flashlight app, fortunately already removed a long time ago, that asked the user for all the permissions that an app can ask for. Why does a flashlight app need access to your contacts, phone functions, etc.? The permissions list is always the first red flag.
However, not all security problems are related to appsThey can also be caused by problems in the operating system and by the components of the affected devices. In such cases, the problem is much more serious for users, since the solution to them is beyond their control, so they depend directly on Google and/or the manufacturers of the affected components to be protected again.
Such is the case of 18 vulnerabilities, 4 of them critical, recently identified in Android. These security problems have been reported by Tim Willis, head of Google Project Zero, and according to what we can read, they affect devices equipped with various Samsung chipsets, more specifically the Exynos family. This is the list of the main affected devices:
- Samsung mobile devices including S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
- Vivo mobile devices including S16, S15, S6, X70, X60 and X30 series
- Google’s Pixel 6 and Pixel 7 series of devices
- Any wearable device using the Exynos W920 chipset (including the Galaxy Watch 4 and 5)
- Any vehicle using the Exynos Auto T5123 chipset.
In the case of some of them, such as the Google Pixel, these threats have already been patched., so its users can rest easy. However, as we can read on TechSpotthere are others like those of Samsung that are still waiting to receive security updates.
For all those users, Google Project Zero recommends the following:
«Until security updates are available, users who want to protect against baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can disable Wi-Fi calling and Voice-over-LTE (VoLTE) at your device settings. Disabling these settings will eliminate the risk of exploiting these vulnerabilities.»
Thus, if you are a user of an Android device (except Google Pixels), It is best to follow this indication as soon as possible.and to keep these features turned off until your device manufacturer releases a security update that fixes the problem.