More than 10 million Samsung smartphone users have done the right thing in managing the firmware updates that improve and secure the running of their devices. Unfortunately, they have done so in a way that can negatively affect device security and cost them money for installing updates that should be free of charge.
What has gone wrong for 10 million Samsung users?
Aleksejs Kuprins, a malware analyst at CSIS Security Group, has discovered that an app called “Updates for Samsung” has been installed by more than 10 million users who downloaded it from the official Google Play app store. As first reported by ZDNet, the app “promises firmware updates, but redirects users to an advert-crammed website and charges for firmware downloads.”
This is especially concerning not only because, as I write this morning, the app remains available for download at Google Play, but also because it undermines the message that so many of us try to get across about the importance of keeping up to date with the latest updates to your smartphone in order to stay one step ahead of those who would do you harm. Installing firmware updates is not only the way to ensure your device is running with all the latest features and peak performance; it also matters for security reasons. Anything that devalues the update message also weakens the security stance of your phone. However, from the security perspective, there is no inherently malicious intent on the part of the app developers.
How did this happen?
According to Kuprins, the fact that the app was named “Updates for Samsung” and made available through the official app store for Android users, which is frequently but wrongly assumed to be a repository of perfectly secure apps, was the key to its success. “It might be incorrect to judge people for mistakenly going to the official application store for the firmware updates after buying a brand new Android device,” Kuprins stated, “companies frequently bundle their Android OS builds with an intimidating quantity of software, and it can easily get confusing.”
It is hardly surprising that new and non-technical users of a Samsung device might look to install an app that promises to make what can look like a daunting task easy and describes its functionality accordingly: “Download any OS update for any Samsung device ever launched, examine the contemporary Android tech information and access the brand new firmware enhancements, Android model updates, Android recommendations, hints, courses & how-to tutorials to test if you may upgrade or update your device to a new version of the Android OS.”
What did Kuprins discover about the app?
While the app does indeed allow the user to search for firmware specific to their device, Kuprins found it to be “filled with advertisement frameworks,” and to be distributing Samsung firmware as part of a paid subscription scheme. The app developers are not, Kuprins said, officially affiliated with Samsung and are charging an annual fee of $34.99 for access to what is actually a free-to-use update process. Then there is also the fact that the payment process itself does not take place through the official, secure Google Play subscriptions method; instead, the app asks for credit card details that are sent to another website.
“There is a shady peculiarity about these firmware downloads,” Kuprins warned, “it does allow registered users to download firmware without cost; however, the download speed is restricted to 56 KBps.” This means a typical firmware download would take at least four hours, rather than just minutes if downloaded and installed directly on the handset following the official Samsung update notifications. Kuprins also noted that free downloads nearly always failed to complete, “motivating the user to pay for fast downloads through paid premium applications.”
What happens now?
The researcher concerned has contacted Google to report the application and request its removal from the Google Play Store. However, at the time of writing, it remains available for download. I have also contacted Google and the app’s developers for comment, and will update this article if and when I receive a response from either. I am mainly interested in how such an app, charging for what is an essential, and completely free, system updating process, managed to be approved by Google in the first place.
What should you do?
While not malicious as such, the app is not what it appears to be, as many user reviews and the research by Kuprins would suggest. My advice would be not to download apps such as this; instead, follow Samsung’s own procedure, in which updates are shown on your phone as a notification that walks you through the simple, speedy, and secure method for installing them. If you want to check the status of your device firmware, simply navigate to the “Software Update” option in the settings menu and select “Download and install” to check whether you are running the latest updates; if not, the download will start and the update can be completed in a matter of minutes. As Kuprins stated, doing so ensures that the “updates are assured to come directly from the vendor,” as well as being free of charge.