Several OEMs’ Core Android Certificates Compromised

  • Dec 4, 2022
  • 2 min read


On 11 November 2022, Google issued the following statement: "A platform certificate is the application signing certificate used to digitally sign the 'android' application on the system image. The 'android' application runs with a highly privileged user id - android.uid.system - and holds system permissions, including permissions to access user data."

In plain terms: any application signed with one of the compromised platform certificates can declare that it wants to run as the highly privileged 'android.uid.system' user id (via android:sharedUserId in its manifest), and Android will grant that request because the signature matches the platform key. The app then runs with the same system-wide privileges as the vendor's own "android" package and can use practically every sensitive permission.


These permissions include


  • Managing incoming & outgoing calls/SMS

  • Gathering information about the device

  • Reading all data stored on the device

  • Installing or removing arbitrary packages without user interaction

  • And many other highly sensitive actions.



Łukasz Siewierski, a reverse engineer on Google's Android Security team, identified this abuse of platform keys. It was disclosed through the Android Partner Vulnerability Initiative (APVI) in a report listing at least 10 such certificates together with the malware signed by them.

The impact of the compromised certificates is that an unauthorised app signed with one of them can take control of the device without any user interaction. Google informed the affected platform vendors, including Samsung and LG, and asked them to rotate the impacted certificates (that is, replace them with newly generated keys and re-sign the platform with those). Google has stated that the vendors have taken the necessary steps.

Below is the list of malicious Android packages known to have abused the certificates:


  • com.russian.signato.renewis

  • com.sledsdffsjkh.Search

  • com.android.power

  • com.management.propaganda

  • com.sec.android.musicplayer

  • com.houla.quicken

  • com.attd.da

  • com.arlo.fappx

  • com.metasploit.stage

  • com.vantage.ectronic.cornmuni
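The mechanism described above (a platform-signed app obtaining android.uid.system) and the package list just given lend themselves to a quick device triage. The following is an added example, not code from the article or from Google/APVI: it parses the output of `adb shell pm list packages -U` (one line per package in the form `package:<name> uid:<uid>`) and flags any package that either appears on the published abuse list or is running as android.uid.system without being on a baseline of packages expected to share that UID. The baseline allowlist and the sample `pm` output are constructed assumptions for the example; a real baseline must be generated from a known-good image of the same firmware build.

```python
"""Triage installed packages for abuse of a leaked Android platform certificate.

Added example (assumptions: the baseline allowlist and the sample pm output
below are constructed, not taken from a real device).

An app can only obtain the android.uid.system UID by declaring
android:sharedUserId="android.uid.system" in its manifest AND being signed
with the vendor's platform certificate, so an unexpected package at that UID
is exactly what a leaked platform key enables.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

SYSTEM_APP_ID = 1000        # app id of android.uid.system
PER_USER_RANGE = 100_000    # Android: uid = user_id * 100000 + app_id

# Package names reported as abusing the leaked platform certificates
# (the same list the article gives above).
KNOWN_ABUSIVE_PACKAGES = frozenset({
    "com.russian.signato.renewis",
    "com.sledsdffsjkh.Search",
    "com.android.power",
    "com.management.propaganda",
    "com.sec.android.musicplayer",
    "com.houla.quicken",
    "com.attd.da",
    "com.arlo.fappx",
    "com.metasploit.stage",
    "com.vantage.ectronic.cornmuni",
})

# Hypothetical baseline of packages expected to share android.uid.system on a
# given firmware build. Assumption for this example; derive it from a clean device.
EXPECTED_SYSTEM_UID_PACKAGES = frozenset({
    "android",
    "com.android.settings",
    "com.android.keychain",
})

# `pm list packages -U` prints `package:<name> uid:<uid>`; newer builds may list
# several comma-separated UIDs when the package is installed for several users.
_PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+uid:(?P<uids>\d+(?:,\d+)*)\s*$")


@dataclass(frozen=True)
class Finding:
    package: str
    uid: int
    reason: str


def app_id(uid: int) -> int:
    """Strip the per-user offset: uid 1001000 is android.uid.system in user 10."""
    return uid % PER_USER_RANGE


def parse_pm_list(output: str) -> Dict[str, Tuple[int, ...]]:
    """Map package name -> tuple of UIDs, ignoring lines that are not pm output."""
    packages: Dict[str, Tuple[int, ...]] = {}
    for line in output.splitlines():
        m = _PM_LINE.match(line.strip())
        if m:
            packages[m.group("pkg")] = tuple(int(u) for u in m.group("uids").split(","))
    return packages


def triage(output: str, expected_system=EXPECTED_SYSTEM_UID_PACKAGES) -> List[Finding]:
    """Return findings for known-abusive names and unexpected system-UID packages."""
    findings: List[Finding] = []
    for pkg, uids in sorted(parse_pm_list(output).items()):
        if pkg in KNOWN_ABUSIVE_PACKAGES:
            findings.append(Finding(pkg, uids[0], "package name is on the published abuse list"))
        for uid in uids:
            if app_id(uid) == SYSTEM_APP_ID and pkg not in expected_system:
                findings.append(Finding(pkg, uid, "unexpected package running as android.uid.system"))
                break
    return findings


# Constructed sample output (not from a real device) so the script runs stand-alone.
SAMPLE_PM_OUTPUT = """\
package:android uid:1000
package:com.android.settings uid:1000
package:com.android.keychain uid:1000
package:com.example.gallery uid:10142
package:com.android.power uid:1000,1001000
package:com.houla.quicken uid:10288
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_PM_OUTPUT):
        print(f"{f.package} (uid {f.uid}): {f.reason}")
```

On a real device, feed the script the captured output of `adb shell pm list packages -U`. For every flagged package, pull the APK (`adb shell pm path <package>` then `adb pull`) and run `apksigner verify --print-certs` on it to compare the signer's SHA-256 fingerprint against the certificate fingerprints published in the APVI report; a match confirms the app was signed with a leaked platform key rather than merely sharing a suspicious name.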




Google has also clarified that, at present, no app on the Google Play Store is abusing the compromised certificates.

There is little an end user can do beyond the following steps:


  • Do not install apps from outside the Google Play Store unless you are certain of the provider (for example, apps distributed from gov.in sites).

  • Update your device to the latest available Android version and security update, if it has not been updated automatically; the rotated certificates reach devices through vendor updates.


