Android security has always been something to pay close attention to. There’s no doubt that things have improved a lot over the years, as after a few early days where practically anything could be uploaded to the app store. Overtime. In addition to recognizing trusted developers, Google has implemented several security measures. So currently downloading apps from Google Play is completely safe.

The Android app store is still known to have managed to infiltrate the store with malicious apps. Sometimes they are discovered by Google itself, other times by companies and security researchers, and user complaints are also very helpful in this regard. Speaking of which, it’s always a good idea to remember a basic habit for all Android users, which is to check the permissions granted to an app when installing it and verify that they match what it needs to function properly. A paradigmatic case in this regard was the flashlight app, thankfully long since removed, which asked the user for all the permissions an app can ask for. Why does the flashlight app need access to your contacts, phone features, etc.? The permission list is always the first red flag.

However, not all security issues are related to applicationsIt can also be caused by problems in the operating system and components of the affected devices. In such cases, the problem is much more severe for users because their solution is out of their control, so they depend directly on Google and/or the manufacturers of the affected components to protect them again.

Such is the case 18 vulnerabilities have recently been discovered in Android, 4 of which are critical. These security issues were reported by Tim Willis, the head of Google Project Zero, and from what we can read, they affect devices equipped with various Samsung chipsets, more specifically the Exynos family. This is a list of the main affected devices:

• Samsung mobile devices including S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
• Vivo mobile devices including S16, S15, S6, X70, X60 and X30 series
• Pixel 6 and Pixel 7 series devices from Google
• Any wearable device using the Exynos W920 chipset (including the Galaxy Watch 4 and 5)
• Any vehicle using the Exynos Auto T5123 chipset.

In the case of some of them, such as the Google Pixel, these threats are already fixed., so its users can rest easy. However, as we can read on TechSpot, there are others like Samsung that are still waiting to receive security updates.

For all such users, Google Project Zero recommends the following:

«Until security updates are available, users who want to protect themselves against remote baseband code execution vulnerabilities in Samsung’s Exynos chipsets can disable Wi-Fi calling and Voice-over-LTE (VoLTE) in your device’s settings. Disabling these settings eliminates the risk of exploiting these vulnerabilities.»

So if you’re using an Android device (except Google Pixels), It is best to follow this indication as soon as possible.and keep these features turned off until your device manufacturer releases a security update that fixes the problem.