A security audit made by Google has highlighted at least 11 flaws in one of Samsung's current flagships, the Galaxy S6 Edge.
According to a post on the Google Project Zero page, the security audit was done to check if the OEM versions of the Android platform inadvertently expose the entire environment due to changes in the source codes.
Natalie Silvanovich, one of the "bug hunters," wrote that although Google itself has already released the official Android platform, most original equipment manufacturers (or OEMs) like Samsung use the Android Open-Source Project to tailor the new Android environment to their own devices. For example, for the recently released Android Marshmallow, Google has already updated its Nexus devices. However, Samsung is still developing its own version of the Android 6.0 platform, which it prefers over the stock Android ROM, and will update its devices with it.
This change of platform versions, while still carrying the "Android platform" brand, is causing issues in terms of security.
According to BBC, an independent security expert said that the flaws in OEM versions of Android platforms have hurt the Google name. Dr. Steven Murdoch, a security researcher at University College London, is quoted as saying, "There is definitely a tension between Google and the handset manufacturers because Google wants to protect its Android brand, and when it comes to security, Android has been quite tarnished."
However, the report also mentions that since Google has already contacted Samsung about the issues, the South Korean company has already plugged the holes, but not all of them. Some have yet to be fixed by this month.
The Google Project Zero post noted that as the team completed the security audit on a Samsung Galaxy S6 Edge, it found at least 11 flaws, calling them "high-impact security issues." However, the post did not mention if the S6 Edge they tested carried the latest Lollipop update or a development version of Android 6.0 Marshmallow for the device.
