Google’s Project Zero, which investigates the security of popular software, recently turned its attention to the Galaxy S6 Edge.
A week of investigation showed that there are a number of weak points in the Samsung Galaxy S6 Edge. Over the course of a week, we found a total of 11 issues with a serious security impact. Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit.
The majority of these issues were fixed on the device we tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.
I love that Google has Project Zero, and that the Zero team is not afraid of exposing the weaknesses in the company’s own products (in this case, Android). Few companies out there would allow this.