NCC Group cybersecurity experts discovered flaws in the Samsung Galaxy App Store and warned the manufacturer about it. On January 1, the company released an updated version of the client (18.104.22.168), and now the researchers have revealed the technical details of the incident.
Gerd Altmann/ pixabay.com/image/source
Researchers demonstrated how to bypass the owner of the gadget to install the Pokemon Go gaming application, although hackers might choose something more dangerous in the future: according to AppBrain analytics, only 7% of Android devices are controlled by the latest version of the platform (Android 9.0 and older) and 27% of the market is unsupported.
The second issue is related to the Galaxy App Store's webview component, which supports a limited number of domain names, but it was previously incorrectly configured, making it possible to bypass restrictions and view pages controlled by potential hackers.
If you notice an error, move your mouse over it and press CTRL + ENTER.