Critical Warning Issued Regarding 10 Million Samsung Phone Updates
More than 10 million users of Samsung smartphones have done the right thing in looking to manage firmware updates that improve and secure the running of their devices. Unfortunately, they may well have done so in such a way that has the potential to impact device security negatively as well as cost them money for installing updates that should be free of charge.
What has gone wrong for 10 million Samsung users?
Aleksejs Kuprins, a malware analyst at CSIS Security Group, has revealed how an app called "Updates for Samsung" has been installed by more than 10 million users who have downloaded it from the official Google Play app store. As first reported by ZDNet, the app "promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads."
This is particularly concerning not only because, as I write this morning, the app is still available for download at Google Play but also as it undermines the message that so many of us try to get across about the importance of keeping up to date with the latest updates for your smartphones in order to stay one step ahead of those who would do you harm. Installing firmware updates is recommended not only to ensure your device is running with all the latest features and at peak efficiency, but also for reasons of security. Anything that devalues that update message also weakens the security stance of your smartphone, even if there is no inherent malicious intent from the security perspective by the app developers.
How did this happen?
According to Kuprins, the fact that the app was named "Updates for Samsung" and made available through the official app store for Android users, which is often but wrongly assumed to be a depository of perfectly safe apps only, was the key to its success. "It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device," Kuprins said, "vendors frequently bundle their Android OS builds with an intimidating amount of software, and it can easily get confusing." Hardly surprising that new and non-technical users of a Samsung device might look to install an app that promises to make what can seem like a daunting task easy and describes its functionality thus: "Download any OS update for any Samsung device ever released, read the latest Android tech news and access the latest firmware upgrades, Android version updates, Android tips, tricks, guides & how-to tutorials to check if you can upgrade or update your device to a new version of the Android OS."
What did Kuprins find out about the app?
While the app does, indeed, enable the user to search for firmware specific to their device, Kuprins found it to be "stuffed with advertisement frameworks," and distributing Samsung firmware as part of a paid subscription scheme. The app developers are not, Kuprins said, officially affiliated with Samsung and are charging an annual fee of $34.99 to access what is actually a free of charge update process. Then there's also the fact that the payment process itself doesn't take place via the official, and secure, Google Play subscriptions method but instead asks for credit card details sent to another website.