Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been abused to sign malicious apps.
The issue was first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday.
“A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image,” a report filed through the Android Partner Vulnerability Initiative (APVI) reads.
“The ‘android’ application runs with a highly privileged user id – android.uid.system – and holds system permissions, including permissions to access user data.”
This effectively means that a rogue application signed with the same certificate can gain the same level of privileges as the Android operating system, the highest available, permitting it to harvest all kinds of sensitive information from a compromised device.
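For defenders, the practical check is to look for apps that carry the platform signer but are not components the vendor ships. The following Python is an added example, not code from the report or this article: it reads signer digests from text in the shape printed by `apksigner verify --print-certs` and flags platform-signed packages missing from an allowlist. The inventory record fields, the package names, the allowlist and the placeholder digest are all assumptions made for the example.

```python
import re

# Constructed placeholder; a real audit uses the SHA-256 digest of the vendor's
# platform certificate, taken from a trusted system image.
PLATFORM_CERT_SHA256 = "aa" * 32
SYSTEM_UID = "android.uid.system"
DIGEST_RE = re.compile(r"certificate SHA-256 digest:\s*([0-9a-fA-F]{64})")


def signer_digests(print_certs_text):
    """Signer SHA-256 digests found in `apksigner verify --print-certs` output."""
    return {d.lower() for d in DIGEST_RE.findall(print_certs_text)}


def audit(apps, platform_digest, expected_packages):
    """Return (package, severity) for platform-signed apps missing from the allowlist."""
    findings = []
    for app in apps:
        if platform_digest.lower() not in signer_digests(app["print_certs"]):
            continue  # not signed with the platform certificate
        if app["package"] in expected_packages:
            continue  # component the vendor ships on the system image
        # Declaring sharedUserId android.uid.system puts the app in the system UID.
        severity = "critical" if app.get("shared_user_id") == SYSTEM_UID else "high"
        findings.append((app["package"], severity))
    return findings


def sample_certs(digest):
    # Constructed text in the shape apksigner prints for one signer.
    return f"Signer #1 certificate DN: CN=Example\nSigner #1 certificate SHA-256 digest: {digest}\n"


# Constructed inventory: package names and digests are made up for the example.
SAMPLE_APPS = [
    {"package": "android", "print_certs": sample_certs("aa" * 32), "shared_user_id": SYSTEM_UID},
    {"package": "com.example.flashlight", "print_certs": sample_certs("AA" * 32), "shared_user_id": SYSTEM_UID},
    {"package": "com.example.updater", "print_certs": sample_certs("aa" * 32), "shared_user_id": None},
    {"package": "com.example.notes", "print_certs": sample_certs("bb" * 32), "shared_user_id": None},
]
EXPECTED_ON_IMAGE = {"android"}

if __name__ == "__main__":
    for package, severity in audit(SAMPLE_APPS, PLATFORM_CERT_SHA256, EXPECTED_ON_IMAGE):
        print(f"{severity}: {package} is signed with the platform certificate")
```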