Google says Samsung Galaxy S6 Edge reduces Android security
Samsung's Galaxy S6 Edge is blighted by 11 security problems according to the Project Zero team at Google. The team carried out research to determine how easy it would be for an attacker to exploit an Android phone produced by an OEM.
Over the course of just a week of investigations, Google discovered "a substantial number of high-severity issues". While Samsung has now fixed some of the problems, at least three are still to be addressed.
Writing on the Project Zero blog, "planner of bug bashes", Natalie Silvanovich says:
A week of investigation showed that there are a number of weak points in the Samsung Galaxy S6 Edge. Over the course of a week, we found a total of 11 issues with a serious security impact. Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit.
The majority of these issues were fixed on the device we tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.
She also highlights the problem of OEMs introducing "additional (and possibly vulnerable) code into Android devices at all privilege levels". Despite the number of problems found, Samsung was praised for issuing security patches in a timely fashion.