Your Samsung or Xiaomi smartphone could be in serious danger due to a security certificate leak.

The APVI (Android Partner Vulnerability Initiative) is a division within Google, which is responsible for discover security flaws present in the operating system and its associated services, and report to google about them so you can fix them.

Recently, one of its members has reported about the existence of a severe vulnerability present on the platform, which puts in grave danger devices from brands such as Xiaomi, Samsung or LG, as well as those that have a MediaTek processor.

Vulnerability originates from a filtering of certificates used by these companies to sign system applications, and have been discovered Threats taking advantage of this leak to sign malicious applications and try to carry out different types of attacks.

Millions of Android phones could be in danger because of a certificate leak.

Why are these certificates so important?

Android, in the same way as other operating systems, uses security certificates that are used for sign the applications. These signatures are used, for example, to guarantee that the version of Android used by a device is legitimate, or that the applications pre-installed in the system come from the device manufacturer itself.

Thanks to these signatures, Android can save itself the work of perform other security checks when installing an app. Thus, if the system detects that the manufacturer’s signature has been used, Android allows its installation and grants the app full permission at the system level. Roughly speaking, a malicious application signed with one of these certificates would have the same access to the system as the process itself that is responsible for executing everything in the Android operating system (this process is identified as android.iud.system).

Smartphones from Samsung, Xiaomi, LG or with a MediaTek processor are vulnerable to the threat

To this day, they have already been found various types of malware that use this type of certificate to infect Android devices. And, although at the moment the complete list of manufacturers whose certificates have been leakedit has been possible to discover that brands such as Samsung, LG, MediaTek or Xiaomi are included among those affected.

Google, for its part, has already warned manufacturers about the need to exchange the certificates used to make the signatures, and not reuse those that were leaked. They are also recommended avoid whenever possible use the certificates to sign third-party applications. Additionally, it has issued a statement informing about the existence of different security measures, designed to prevent the victims’ devices from being affected:

OEM partners quickly applied mitigation measures as soon as we reported the compromised key. End users will be protected by mitigations implemented by OEM partners. Google has implemented extensive detections for the malware in the Build Test Suite, which scans system images. Google Play Protect also detects malware. There is no indication that this malware is or has been in the Google Play Store. As always, we advise users to make sure they are running the latest version of Android.

The first clues about the threat were discovered in the month of may 2022. However, they have been found active threats since 2016 who took advantage of this gap.

For the users, there is not much that can be done beyond keep the Android version always updated to the latest availableas well as install the security patches available. It is also recommended prevent app installation from sources outside of Google Play whenever possible.