Google’s security team has called out Samsung for making changes to its kernel that could potentially make Android devices more vulnerable to attacks.
The concerns were shared in a blog post by Google security group Project Zero last Wednesday.
According to Project Zero, a number of phone manufacturers have been adding their own code to the Android kernel, opening the door to hackers and exposing other security flaws.
Samsung, in particular, has been admonished for messing with the Android kernel of the Samsung Galaxy A50 mid-range smartphone.
The security team explained that it is not abnormal for phone manufacturers to add device-specific code to the kernel, but that this code is often found to be the source of new vulnerabilities.
While Samsung appeared to modify the kernel to create an additional layer of security, adding the drivers simply created a memory bug, according to Google.
“The Samsung kernel on the A50 contains an extra security subsystem (named ‘PROCA’, short for ‘Process Authenticator’, with code in security/proca/) to track process identities,” Project Zero’s Jann Horn wrote.
“By combining several logic issues in this subsystem (which, on their own, can already cause a mismatch between the tracking state and the actual process state) with a brittle code pattern, it is possible to cause memory unsafety by winning a race condition.”
Horn also stated that Samsung’s modifications would be capable of preventing an attacker who already has sufficient control over the kernel from reading or modifying user data or gaining access to email or messaging apps.
While Google has since issued a patch for the bug, Horn described the fix as “very unreliable” and advised that manufacturers stop making changes to the Android core kernel.
Google instead suggests that phone makers rely on Android’s built-in security features rather than adding their own through the kernel.