Google’s Project Zero has found 11 high-impact security issues in the top-end Samsung Galaxy S6 edge smartphone. So far only 8 of these have been fixed. Google says the reason for carrying out this exercise was to see how easy or difficult it would be to spot bugs and security vulnerabilities in Android phones manufactured by OEMs.
Google says “OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers.”
Google’s team worked on gaining remote access to contacts, photos and messages; gaining access to the same via an app installed from Play with no permissions; and executing code across a device wipe.