A Google research team found 11 security vulnerabilities in the Samsung Galaxy S6 Edge, several weeks after a separate study found almost 90% of Android devices are at risk for attacks through malicious apps and messages.
Google decided to look for security vulnerabilities to see how devices made outside of the company fare security-wise, Google wrote in a blog post.
The majority of Android devices are made by Original Equipment Manufacturers or OEMs, which introduce additional code into Android devices that could be vulnerable, the blog reads.
Google found 11 issues with the Samsung Galaxy S6 Edge.
One bug was found in the email client that "can send a series of intents that causes the user’s emails to be forwarded to another account."
Another flaw scans for the existence of ZIP files and unzips them, which gives hackers a chance to take over the files stored on your phone.
"A week of investigation showed that there are a number of weak points in the Samsung Galaxy S6 Edge," Google wrote in its blog post. "Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit."
Google reported these security vulnerabilities to Samsung and all but three were fixed in the latest security update. It's also interesting that Google is digging into security vulnerabilities in third-party devices that use Android and publicly sharing the results. This could be a sign that Google is thinking about eventually exerting more control over the operating system given the recent reports of security holes in Android in recent months.
An October Cambridge University study found that 87% of Android devices are exposed to at least one of 11 known critical vulnerabilities.
Similar to the Google study, the researchers put the blame on the manufacturers of these devices.
"Unfortunately something has gone wrong with the provision of security updates in the Android market," the Cambridge study reads. "Many smartphones are sold on 12–24 month contracts, and yet our data shows few Android devices receive many security updates."
A Samsung spokesperson said that they launched a monthly security update program last October to address these kinds of issues.
"In our first Security Update, we were able to provide solutions to eight of the more critical issues that were brought to our attention by Google as part of their 90-day reporting policy," the spokesperson said. "The remaining three issues will be included as part of our November Security Update which will be rolling out over the next couple of weeks."
