More than 10 million customers of Samsung smartphones have accomplished the correct factor in seeking to handle firmware updates that enhance and safe the operating of their gadgets. Unfortunately, they might nicely have accomplished so in such a manner that has the potential to affect gadget safety negatively in addition to price them cash for putting in updates that must be freed from cost.
What has gone incorrect for 10 million Samsung customers?
Aleksejs Kuprins, a malware analyst at CSIS Security Group, has revealed how an app referred to as “Updates for Samsung” has been put in by greater than 10 million customers who’ve downloaded it from the official Google Play app retailer. As first reported by ZDNet, the app “promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads.”
This is especially regarding not solely as a result of, as I write this morning, the app remains to be out there for obtain at Google Play but in addition because it undermines the message that so many people attempt to get throughout in regards to the significance of preserving updated with the most recent updates on your smartphones so as to keep one step forward of those that would do you hurt. Installing firmware updates is advisable not solely to make sure your gadget is operating with all the most recent options and at peak effectivity, but in addition for causes of safety. Anything that devalues that replace message additionally weakens the safety stance of your smartphone, even when there isn’t any inherent malicious intent from the safety perspective by the app builders.
How did this occur?
According to Kuprins, the truth that the app was named “Updates for Samsung” and made out there by the official app retailer for Android customers, which is commonly however wrongly assumed to be a depository of completely secure apps solely, was the important thing to its success. “It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device,” Kuprins stated, “vendors frequently bundle their Android OS builds with an intimidating amount of software, and it can easily get confusing.” Hardly stunning that new and non-technical customers of a Samsung gadget may look to put in an app that guarantees to make what can look like a frightening activity simple and describes its performance thus: “Download any OS update for any Samsung device ever released, read the latest Android tech news and access the latest firmware upgrades, Android version updates, Android tips, tricks, guides & how-to tutorials to check if you can upgrade or update your device to a new version of the Android OS.”
What did Kuprins discover out in regards to the app?
While the app does, certainly, allow the person to seek for firmware particular to their gadget, Kuprins discovered it to be “stuffed with advertisement frameworks,” and distributing Samsung firmware as a part of a paid subscription scheme. The app builders should not, Kuprins stated, formally affiliated with Samsung and charging an annual price of $34.99 to entry what is definitely a freed from cost replace course of. Then there’s additionally the truth that the fee course of itself would not happen by way of the official, and safe, Google Play subscriptions methodology however as an alternative asks for bank card particulars despatched to a different web site.
“There is a shady peculiarity about these firmware downloads,” Kuprins warned, “it does allow registered users to download firmware for free; however, the download rate is limited to 56 KBps.” This means a typical firmware obtain would take a minimum of four hours as an alternative of simply minutes if downloaded and put in instantly on the handset following the official Samsung replace notifications. Kuprins additionally famous that free downloads nearly at all times failed to finish, “motivating the user to pay for fast downloads through paid premium packages.”
What occurs now?
The researcher involved has contacted Google to report the appliance and request it’s faraway from the Google Play retailer. However, on the time of writing, it stays out there for obtain. I’ve contacted Google for remark, in addition to the builders of the app itself, and can replace this text if and after I hear again from both. I’m significantly involved as to how such an app, charging for what’s a vital, and completely free, system updating course of managed to be authorized by Google within the first place.
What must you do?
While not being malicious as such, the appliance would not seem like what it appears as each many person opinions and the analysis by Kuprins would recommend. My recommendation could be to not obtain apps equivalent to this, however as an alternative comply with Samsung’s procedures for downloading updates which will likely be proven in your smartphone as a notification and stroll you thru the straightforward, speedy and safe course of for doing so. If you wish to verify on the standing of your gadget firmware, merely navigate to the “Software Update” possibility within the settings menu and choose “Download and install” to verify in case you are operating the most recent updates; if not then the obtain will begin and the replace may be accomplished in a matter of minutes. As Kuprins stated, doing so signifies that the “updates are guaranteed to come directly from the vendor,” in addition to being freed from cost.
Updated July 6
A spokesperson for the developer of the Updates for Samsung app, an organization referred to as Updato, has now contacted me almost about this story.
“I think the original article misunderstood the purpose of the Updates for Samsung application,” the Updato spokesperson says, including “but we understand how the confusion was created and that it is on us to properly correct.”
Updato says that there “is a community of people (techies) who like to mod their phones with different versions of Android firmware from different release dates, versions, carriers and countries around the globe.” Finding these is tough, the spokesperson insists, and so the Updates for Samsung app “aggregates them for the convenience of our audience.” The Updato database “allows people to easily search for firmware in any location for any version for any device,” the spokesperson insists, persevering with “saving them many hours of potential searches and uncertainty of the origin or safety of the file.”
Updato insists that the app was “never intended for the typical Android phone owner to update their phones with the standard, latest firmware.” If you are merely seeking to improve your gadget, Updato recommends utilizing Samsung Kies, the Key Intuitive Easy System because it was recognized, or by the use of the over the air (OTA) upgrades on the gadget itself. “We specifically state this on our download pages,” the spokesperson says, and included a screenshot that urges warning and advises individuals ought to solely use Updato in the event that they know what they’re doing in addition to pointing to Samsung Kies and together with a disclaimer that the corporate just isn’t liable for any harm attributable to the knowledge or recordsdata on the Updato website.
Finally, I requested Updato why the Updates for Samsung app was not utilizing the official subscription fee methodology by Google Play itself however as an alternative redirecting to a different fee website? Here’s what the spokesperson instructed me:
“Regarding the official fee, that was an sincere ignorance on our half which we’ll treatment instantly. We have eliminated the app and will likely be updating to:
- Remove the firmware service portion and non-Google funds
- Ensure that there’s readability on the aim of the appliance
- Ensure that we reside as much as our general four Star ranking within the retailer now and into the longer term
- Focus on our nice content material”
Get more stuff like this
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
Thank you for subscribing.
Something went wrong.