All Samsung phones and tablets have a store parallel to Google Play: the Galaxy Store. It is a convenient place to install apps, but it was recently discovered that the Samsung store allowed other apps to install software on the device without the owner's knowledge. Samsung has fixed this bug: update the store as soon as possible.
Android is not short of options when it comes to installing apps: aside from the official store on all Google-licensed devices, there are a slew of parallel stores from which to download new software. There are also more official stores apart from Google Play, which widens the possibilities and, sometimes, also the risks for the user.
The Galaxy Store allowed applications to be installed in a hidden way
Samsung's official store for its Android devices includes exclusive apps and games, as well as software available on Google Play. Samsung often offers different promotions to its users with the idea of becoming an alternative for those who do not wish to use the Android store. And it's a good idea to keep the Galaxy Store updated even if the user doesn't download anything from there.
Researchers from Texas-based security firm NCC Group have discovered a serious security flaw in the store that comes preinstalled on all Samsung Galaxy devices. Because the Galaxy Store has installation permissions by default, the flaw allowed other applications installed on the device to stealthily access the store and download software not authorized by the user. The operation was completely hidden.
In total, the Galaxy Store had two serious vulnerabilities, both acknowledged by Samsung and fixed: one that allowed access to the store to install unauthorized software (CVE-2023-21433) and another that allowed the execution of JavaScript code when loading a web page (CVE-2023-21434). Thanks to the two security holes, NCC Group was able to install unauthorized applications and, taking advantage of the second hole, execute malicious code after tampering with web access to the cloud save game service. Samsung has given a "moderate" assessment of the risk posed by the two flaws: there is no record that they have been exploited.
After verifying the security vulnerabilities, Samsung corrected the store's behavior with an update. Our recommendation is to update it as soon as possible, even if the Samsung store is not used to download applications: just open the store and tap the pending update. In addition, those who have updated to Android 13 with One UI 5 are protected against these flaws: they only affect the non-updated Galaxy Store installed on Android 12 and below.
More information | NCC Group, Samsung
Via | PhoneArena