Samsung and LG phones are said to be at risk of malware attacks due to the leaked Android certification.
Android certification has been published online, putting millions of devices at risk of malware attacks, reports Gizmochina.
Users of Samsung and LG devices as well as all smartphones with MediaTek chipsets are at risk of being attacked by this malware.
Malicious parties can use the leaked certificate to install malware on users’ smartphones.
Because the login key has the highest level of operating system (OS) rights, hostile actors can introduce malware without Google, the device manufacturer, or the app developer knowing about it.
The bad actor might theoretically install malware while pretending to be a legitimate software update if users download the update from a third party website.
According to Google, the platform certificate refers to the application signing certificate used to sign the “android” application to the system image.
The highly privileged user ID “android.uid.system” is used by the “android” program, which has access to user data as well as other system permissions.
Any other program with the same Android OS certificate is granted the same level of access.
The Android security team has already notified the affected companies about the issue.
The tech giant also advised affected companies to “rotate the platform certificate by replacing it with a new set of public and private keys.”
The report said Samsung had been aware of the issue for some time and had addressed the vulnerability.