Android phone manufacturers sign their built-in applications with unique certificate keys, so the system allows these apps to obtain the highest authority.
However, after some of these keys were stolen, malware used the resulting permissions to compromise devices, and Google recently warned manufacturers to replace the keys regularly.
Google's Android Partner Vulnerability Project (AVPI) recently warned that hackers have used stolen certificate keys to run malware as the high-privilege user "android.uid.system", gaining control of the device and even access to user data. Google lists 10 malware samples that use this method, and recommends that manufacturers change the platform certificate and minimize the number of apps that use it to prevent serious vulnerabilities. Google revealed that Samsung, LG, and MediaTek devices have this problem; however, there is no evidence that malware for this attack is on Google Play. Users who do not install software from outside the official channel are not at risk.
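The audit below is an added example, not code from Google or from the original article: it flags apps signed with a stolen platform certificate and platform-signed apps that are not on an approved list, following the two recommendations above. The package names, certificate bytes and allowlist are constructed placeholders, and it assumes each app's decoded manifest and signer certificate have already been extracted from the APK.

```python
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SYSTEM_UID = "android.uid.system"  # the high-privilege user named in the article

def cert_digest(der_bytes):
    """SHA-256 of a signing certificate's DER bytes, lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()

def audit_app(manifest_xml, signer_der, platform, leaked, allowlist):
    """Return (package, findings) for one app's decoded manifest and signer cert."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    shared_uid = root.get(ANDROID_NS + "sharedUserId")
    digest = cert_digest(signer_der)
    findings = []
    if digest in leaked:
        findings.append("signed-with-leaked-cert")
        if shared_uid == SYSTEM_UID:
            findings.append("requests-system-uid")
    elif digest in platform and package not in allowlist:
        findings.append("platform-cert-not-allowlisted")
    return package, findings

def manifest(package, shared_uid=None):
    """Build a minimal decoded manifest (constructed sample input)."""
    attr = f' android:sharedUserId="{shared_uid}"' if shared_uid else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}"{attr}/>')

# Constructed stand-ins for certificate DER bytes; not real certificates.
OLD_CERT, NEW_CERT, OTHER_CERT = b"old-platform", b"rotated-platform", b"third-party"
LEAKED = {cert_digest(OLD_CERT)}     # hypothetical: the stolen, retired key
PLATFORM = {cert_digest(NEW_CERT)}   # hypothetical: the replacement key
ALLOWLIST = {"com.vendor.settings"}  # hypothetical: apps that need the platform cert

SAMPLE_APPS = [  # (manifest, signer cert) pairs, all constructed
    (manifest("com.vendor.settings", SYSTEM_UID), NEW_CERT),
    (manifest("com.example.flashlight", SYSTEM_UID), OLD_CERT),
    (manifest("com.vendor.weather"), NEW_CERT),
    (manifest("com.thirdparty.notes"), OTHER_CERT),
]

def audit_sample():
    return dict(audit_app(m, c, PLATFORM, LEAKED, ALLOWLIST) for m, c in SAMPLE_APPS)

if __name__ == "__main__":
    for pkg, findings in audit_sample().items():
        print(pkg, findings or "ok")
```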
