The security certificates of developers is used to sign android apps. This is unique and is in charge of maintaining an app as official and that it can be updated from Google Play. If the firm falls into strange hands, you can imagine what happens.
The certificate of the “Android” App has been leaked
On your mobile there is an app called “Android” that does not have an icon, but it is one of the most important. He manages the system and for this reason he has to have access to everything inside your smartphone. This app has a unique and secret digital certificate.
Well, not secret. have been detected a couple dozen apps that use this certificate. This not only means that Google has lost the only access to it, but that the apps that install it have a free bar of data and actions within your Android mobile.
Installing this certificate in an app, and installing the app on a smartphone, gives the hacker the master key to open any room, poke around, and leave quietly. This is what has happened in several system applications signed by Samsung.
The good news is that they are not on Google Play
These Samsung apps signed with the Android app certificate are on APKMirror, one of the most popular repositories after Google Play. It’s not like Samsung uploaded those apps to APKMirrorbut a user has installed the Android certificates on them and published them.
So, any user who installs these apps will have someone in their own home with a master key to access everything. And when we say everything is EVERYTHING: permissions, data, actions, keys, application control…
Google has confirmed that the problem is reported and that this certificate is being targeted so that it does not sneak into Google Play. He has also confirmed that he has never set foot in his Apps store, although we cannot know this and we must trust his words.
It is quite an embarrassing and dangerous situation for users, as it is a very smart way to access the entirety of a smartphone with a seemingly harmless app.