Google issues warning to millions of Samsung phone owners over dangerous app

GOOGLE has revealed that it found a “spyware vendor” targeting Samsung smartphones.

It was pulled off by a shady Android app which victims may have been tricked into installing outside the proper app store.

Galaxy S10 among the models affectedCredit: The Sun

The tech giant won’t say who it suspects was behind the attack but divulged that it follows a pattern similar to others.

Experts uncovered three so-called “zero-day” security vulnerabilities.

The issue only affected certain Samsung devices running certain technology and specific chips.

This means models such as the S10, A50, and A51 were at risk.

I'm A Celeb fans blast '3 lazy stars' & say camp gossips are 'stirring feud'

I use a whole bottle of foundation on my face - I don’t care if I'm wasteful

It also depended on where the device was sold, with Europe and Africa named as target locations.

It was discovered back in late 2020 and patched up by Samsung in March 2021, demonstrating why it’s always important to keep your smartphone up-to-date.

The malicious app responsible for it all let hackers get around the usual system rules to get under the hood of the owner’s device.

Google said that Samsung has now committed to publicly sharing when vulnerabilities may be under limited, targeted exploitation, as part of their release notes.

Most read in Tech

This allows experts to work more collaborative on sorting flaws.

“We hope that, like Samsung, others will join their industry peers in disclosing when there is evidence to suggest that a vulnerability is being exploited in-the-wild in one of their products,” said Maddie Stone, from Google’s Project Zero team of bug hunters.

Millions of Android owners warned anyone can bypass your lock screen

Millions of Android users warned to check battery life with clever hack

“Labeling when vulnerabilities are known to be exploited in-the-wild is important both for targeted users and for the security industry.

“When in-the-wild 0-days are not transparently disclosed, we are not able to use that information to further protect users, using patch analysis and variant analysis, to gain an understanding of what attackers already know.”