You can say without doubt that Google created Android and is the main source of the current Android versions that you see on devices out in the market today. But what you cannot say is that the version of Android you find, say, in a Samsung device is the original Android that Google put out. This is because while OEMs like Samsung use the latest Android AOSP (Android Open Source Project) builds as the basis for their software, they tweak the software so that it looks, feels and runs uniquely the way they want it to. The problem is that when they do this, bugs happen.
Google’s Project Zero, a team of analysts at the mothership tasked with finding vulnerabilities in Android builds, recently put one of Samsung’s current flagship smartphones – the Samsung Galaxy S6 Edge – through their tests to see if the current software build for the phone is indeed secure. The findings? Well, your expensive edgy Samsung flagship is not perfectly secure – it has 11 vulnerabilities that hackers can exploit.
These eleven bugs can all be used to exploit your device in a number of ways (more specific info via the source link). Firstly, a hacker can gain remote access to contacts, photos and messages, which is already bad in itself. Secondly, an app may be installed from the Google Play Store without permissions and still give hackers access to contacts, photos, geolocation, etc. And if your hacker friend is really persistent, he can perform a device wipe, using the access gained from the first or second methods.
Samsung has taken note of these, because people who bought the highly expensive (and handsome) Samsung Galaxy S6 Edge would really want some security to go with the cash they spent. The Project Zero team has already reported these vulnerabilities to Samsung, and as of today, only 3 remain unfixed.
SOURCE: Project Zero Blog