Since Android is inherently more open than iOS, security can be more of an issue than on other platforms. Android phone makers such as Samsung, LG, and others often introduce their own code to Google’s Android in order to modify the software experiences on their products.
Google notes that in some cases this extra code can be vulnerable to hackers. A group of researchers at Google known as Project Zero recently decided to dig into Samsung’s Galaxy S6 Edge to test its security.
Google teams in the United States and Europe worked on three challenges to test the device, which included gaining remote access to contacts, photos and messages and executing code on a device even after it’s been wiped. Google’s researchers came back with 11 bugs total after performing tests on the phone for a week.
Samsung fixed eight of these issues through an update in October. It says the remaining three will be addressed in another update coming in November. “At Samsung, maintaining the trust of our customers is a top priority,” the company said in a statement.
Devices eligible for the security update include Samsung’s Galaxy S series, its Galaxy Note series, and its Galaxy Tab series.
One bug Google found was capable of forwarding emails to another account, while another had to do with file corruption. Some issues were troubling because it didn’t take much time to “find, exploit, and use” these vulnerabilities, Google’s blog post said.
Bugs and vulnerabilities are discovered within Android from time to time. Although most of them can pose significant risks, they’re often addressed early on. That’s a big part of why Google assembled its Project Zero team, which is tasked with eliminating software issues and risks on the web before they cause trouble.
Researchers outside of Google stumble upon bugs within Android, too. Experts at Zimperium found a vulnerability known as Stagefright in July, for example, that could infect a user’s handset without his or her knowledge.