Google tells Samsung to stop making changes in Android


Google has slammed some of the leading mobile manufacturers for altering Linux kernel code within its Android platform.

According to Google's Project Zero security team, several phone makers have tinkered with the software in order to make their devices more secure, but in the process have actually ended up making the phones vulnerable to serious security bugs.

This includes Samsung, whose tinkering with the Android Linux kernel has resulted in exposing the company's devices to a range of threats.

Creating vulnerabilities

Google has suggested that manufacturers should use Android’s inbuilt security features rather than making unnecessary changes to the core kernel.

Citing an example of Samsung’s Galaxy A50, Google’s Jann Horn revealed that while making these changes, Samsung added custom drivers, thus creating direct access to the kernel. While this was meant to enhance security on the device, it created a memory corruption bug.

Samsung described the bug as a moderate issue consisting of use-after-free and double-free vulnerabilities on devices running Android 9 Pie and Android 10, affecting the company’s PROCA (Process Authenticator) security subsystem. The bug was patched by the company in its recent February update.

Horn’s posts also suggest that device-specific kernel changes are a frequent source of vulnerabilities, and he termed them “unnecessary” changes that negate Google’s work in making the OS secure.

He highlighted another example from Samsung, stating that one of the changes in a device was aimed at restricting an attacker that gained “arbitrary kernel read/write.” Calling these changes “futile”, he mentioned that the engineering resources could have been better utilized by ensuring that a hacker does not even reach this point.

He concluded with an appeal that “ideally, all vendors should move towards using, and frequently applying updates from, supported upstream kernels.”

Via: Google Project Zero

Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  
