Google’s security group Project Zero has, in a blog post, called out Samsung for making changes to the Android kernel. It stated that these changes leave Android devices more vulnerable to attacks. The team also stated that a number of smartphone manufacturers have been adding their own code to the Android kernel, which opened the door to hackers by exposing security flaws.
In the blog post, Samsung is mentioned specifically for adding code to the Android kernel of its mid-range Galaxy A50 smartphone. Samsung had modified the kernel to add an extra security subsystem to track process identities (named PROCA, short for Process Authenticator), which created a memory bug.
It stated that by combining several logic issues in this subsystem with a brittle code pattern, hackers can potentially cause memory unsafety.
The blog post stated, “Unfortunately, it is more difficult to generically lock down the attack surface that is created when vendors modify core kernel functionality.” For this reason, it recommends that manufacturers stop making changes to the core Android kernel.
The company has since issued a patch for the above bug; however, the post states that the fix is “very unreliable.” The author instead suggests that smartphone manufacturers should rely on Android’s built-in security features instead of trying to add their own features to the kernel source code.
Samsung has not responded to this statement as of now, but we expect the company to soon come out with a statement.