Hundreds of millions of Android devices, including Samsung's, appear to have been compromised by a significant security flaw. It is less a vulnerability in the usual sense than a leak of a critical component used by manufacturers of Android-based devices.
Specifically, the platform signing keys of Android OEMs, including LG, Samsung, and others, have been compromised. A signing key ensures that the Android build installed on a device is authentic. Individual apps can also be signed with this key, and Android will trust any app that shares the same signing key as the operating system. (via @maldr0id / 9to5Google)
In principle, this would allow a malicious party to attach malware to a trusted app without being detected. Whether a new app version contains malware is irrelevant to the check: as long as the app is signed with the same key as the operating system, it is treated as a trusted update, regardless of whether it came from the Galaxy Store, the Play Store, or another source. That is the theory; Google says that no apps exploiting the leaked keys have been uploaded to the Play Store, which is good news.
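The trust rule described above (an update is accepted when its signer matches the installed app's signer, and an app signed with the platform key inherits the OS's trust) is what a defender can check for on a fleet of devices or an APK archive. The script below is an added example, not code from the article or from Google, Samsung, or any OEM. It parses the text that `apksigner verify --print-certs some.apk` prints (assuming the line format `Signer #N certificate SHA-256 digest: <hex>`), flags APKs whose signer matches a list of compromised platform-certificate fingerprints, and models the same-signer update check in simplified form (ignoring APK Signature Scheme v3 key rotation). The apksigner output and every fingerprint are constructed placeholders; an organization would substitute the digests of the certificates actually reported as leaked.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `apksigner verify --print-certs` output for three APKs.
# The digests are placeholders, NOT real platform-certificate fingerprints.
SAMPLE_APKSIGNER_OUTPUT: Dict[str, str] = {
    "vendor-settings.apk": "\n".join([
        "Signer #1 certificate DN: CN=Android, OU=Android, O=Android, C=US",
        "Signer #1 certificate SHA-256 digest: " + "11" * 32,
        "Signer #1 certificate SHA-1 digest: " + "11" * 20,
    ]),
    # A sideloaded "update" signed with the same (leaked) platform key.
    "sideloaded-update.apk": "\n".join([
        "Signer #1 certificate DN: CN=Android, OU=Android, O=Android, C=US",
        "Signer #1 certificate SHA-256 digest: " + "11" * 32,
    ]),
    # An ordinary third-party app signed with its developer's own key.
    "benign-thirdparty.apk": "\n".join([
        "Signer #1 certificate DN: CN=Example Dev, O=Example, C=US",
        "Signer #1 certificate SHA-256 digest: " + "22" * 32,
    ]),
}

# Placeholder fingerprints standing in for the leaked OEM platform certificates.
COMPROMISED_PLATFORM_CERT_SHA256: Set[str] = {"11" * 32, "33" * 32}

DIGEST_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M
)


def signer_digests(apksigner_output: str) -> List[str]:
    """Return the SHA-256 signer fingerprints found in apksigner output."""
    return [m.group(2).lower() for m in DIGEST_RE.finditer(apksigner_output)]


def flag_platform_signed(outputs: Dict[str, str],
                         compromised: Set[str]) -> Dict[str, List[str]]:
    """Map each APK to the compromised fingerprints it is signed with."""
    flagged: Dict[str, List[str]] = {}
    for apk, output in outputs.items():
        hits = [d for d in signer_digests(output) if d in compromised]
        if hits:
            flagged[apk] = hits
    return flagged


def update_allowed(installed: List[str], update: List[str]) -> bool:
    """Simplified model of Android's same-signer rule for package updates.

    The update is accepted only when its signer set equals the installed
    app's signer set. Key rotation (v3 lineage) is deliberately ignored.
    """
    return set(installed) == set(update) and bool(update)


if __name__ == "__main__":
    for apk, hits in flag_platform_signed(
            SAMPLE_APKSIGNER_OUTPUT, COMPROMISED_PLATFORM_CERT_SHA256).items():
        print(f"{apk}: signed with compromised platform cert {hits}")
    installed = signer_digests(SAMPLE_APKSIGNER_OUTPUT["vendor-settings.apk"])
    rogue = signer_digests(SAMPLE_APKSIGNER_OUTPUT["sideloaded-update.apk"])
    print("rogue update would pass same-signer check:",
          update_allowed(installed, rogue))
```

In practice, feed the script the captured output of `apksigner verify --print-certs` for each APK you want to vet; any match against the compromised list is an app that Android would treat with platform-level trust, which is exactly why a key leak, not a code bug, is the problem here.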
Samsung already took measures to minimize risks
In addition to Samsung, other mobile brands affected by this security breach include LG, MediaTek, szroco, and Revoview.
The issue was initially reported in May 2022, and Google reports that Samsung (and other manufacturers) have “taken remediation measures to minimize user impact.” It is unclear which applications are still exposed to this security issue, and to what extent. However, precautions have been taken to reduce the likelihood of infection. Thankfully, Google also stated that the exploit has not been found in any Play Store apps and that Play Protect provides protection against it.
In any case, it appears that the best way to avoid issues caused by this security vulnerability is to refrain from sideloading apps from third-party websites for some time.