Google’s Project Zero security research team has recently found a 0-day vulnerability in the Android kernel that has affected several smartphones including the Huawei P20.
This new bug allows the attacker to gain control over the operating system to access any of the user’s app data stored on the device. And It’s expected that this new exploit is still being used on devices, (via Arstechnica).
According to the Project Zero team, this issue was patched in Dec 2017 but later on, reappeared on devices running Android 8.0 or above. Other devices which appear to be vulnerable based on source code review are the followings:
- Huawei P20
- Google Pixel 2 (Android 9 and Android 10 Preview)
- Samsung Galaxy S7, Galaxy S8, Galaxy S9
- Moto Z3
- All LG phones running Android 8
- Oppo A3
- Xiaomi Redmi 5A
- Xiaomi Redmi 6
- Xiaomi A1
Other than P20, there’s no other Huawei smartphone listed by the researchers but this list could be updated.
The research team also said the company will roll out a security patch to prevent this vulnerability possibly in the October Android security update.
Even if you got caught by this bug, the exploit still needs your interaction to spread its reach over your device. This could mean that the bug could ask you to install a new app or to allow a download via the browser. So, do not allow such permissions.
For users who want to stay away from similar issues, we recommend you to be aware while installing third-party apps. Moreover, do not install apps that seem suspicious.