More than 10 million users of Samsung smartphones have done the right thing in managing firmware updates that improve and secure the running of their devices. Unfortunately, they may well have done so in a way that can negatively impact device security and cost them money for installing updates that should be free of charge.
What has gone wrong for 10 million Samsung users?
Aleksejs Kuprins, a malware analyst at CSIS Security Group, has discovered how an app called “Updates for Samsung” has been installed by more than 10 million users who have downloaded it from the official Google Play app store. As first reported by ZDNet, the app “promises firmware updates, but, in fact, redirects users to an advert-crammed website and charges for firmware downloads.”
This is especially concerning not only because, as I write this morning, the app remains available for download at Google Play, but also because it undermines the message that so many of us try to get across about the importance of keeping up to date with the latest updates to your smartphone to stay one step ahead of those who would do you harm. Installing firmware updates is recommended not only to ensure your device is running with all the latest features and at peak performance, but also for security reasons. Anything that devalues that update message also weakens the security stance of your phone. However, from a security perspective, there is no inherently malicious intent on the part of the app developers.
How did this happen?
According to Kuprins, the fact that the app was named “Updates for Samsung” and made available through the official app store for Android users, which is often but wrongly assumed to be a repository of perfectly safe apps only, was the key to its success. “It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device,” Kuprins said, “companies frequently bundle their Android OS builds with an intimidating amount of software, and it can easily get confusing.”
It is hardly surprising that new and non-technical users of a Samsung device might look to install an app that promises to make what can look like a daunting task easy and describes its functionality accordingly: “Download any OS update for any Samsung device ever released, read the latest Android tech news and access the latest firmware upgrades, Android version updates, Android tips, tricks, guides & how-to tutorials to check if you can upgrade or update your device to a new version of the Android OS.”
What did Kuprins discover about the app?
While the app does, indeed, allow the user to search for firmware specific to their device, Kuprins found it to be “filled with advertisement frameworks,” and distributing Samsung firmware as part of a paid subscription scheme. The app developers are not, Kuprins said, officially affiliated with Samsung and are charging an annual fee of $34.99 to access what is actually a free-of-charge update process. Then there is also the fact that the payment process itself does not take place through the official, secure Google Play subscriptions method but instead asks for credit card details that are sent to another website.
“There is a shady peculiarity about these firmware downloads,” Kuprins warned, “it does allow registered users to download firmware without cost; however, the download rate is restricted to 56 KBps.” This means a standard firmware download would take at least four hours rather than just minutes if downloaded and installed directly on the handset following the official Samsung update notifications. Kuprins also noted that free downloads nearly always failed to complete, “motivating the user to pay for fast downloads through paid premium applications.”
What happens now?
The researcher concerned has contacted Google to report the application and request that it be removed from the Google Play store. However, at the time of writing, it remains available for download. I have contacted Google for comment, as well as the app’s developers, and will update this article if and when I hear back from either. I am particularly concerned about how such an app, charging for what is an essential, and completely free, system updating process, managed to be approved by Google in the first place.
What should you do?
While not malicious as such, the application does not appear to be what it seems, as both the many user reviews and the research by Kuprins would suggest. My advice would be not to download apps such as this, but instead follow Samsung’s procedures for downloading updates, which will be shown on your phone as a notification and walk you through the simple, speedy, and secure method for doing so. If you want to check the status of your device firmware, simply navigate to the “Software Update” option in the settings menu and select “Download and install” to check if you are running the latest updates; if not, then the download will start and the update can be completed in a matter of minutes. As Kuprins said, doing so means that the “updates are guaranteed to come directly from the vendor,” as well as being free of charge.