In a new reveal, CSIS Security Group’s report suggests, “An app named ‘Updates for Samsung’ promising updates for Samsung phones has been installed by over 10 million users, though a large number of users have alleged that it’s nothing more than an ‘aggressive ad delivery platform’.” The cyber-security firm also underlined that the app lists unofficial firmware updates and, most importantly, that it doesn’t use Google Play subscriptions to charge money for the update packages.
Digging through the site, we find that the vendors offer both free and paid Samsung firmware updates to users. But digging further through the app’s source code, researchers found that the website limits the speed of free downloads to 56 kbps, causing the so-called ‘free’ firmware downloads to eventually time out. By crashing all of its free downloads, the developers of the app force people to shell out $34.99 for a premium package to download any files.
“Besides being stuffed with advertisement frameworks and not being affiliated with Samsung (yet distributing their firmware), the app offers paid subscriptions for the downloads of the said firmware,” Kuprins wrote. “A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99.”
However, the Updates for Samsung app was still available for download through Google Play. Users are advised to use the official source for downloading firmware updates instead of relying on any unofficial source. Samsung, just like other Android OEMs, provides a native option to download software updates by going to the settings menu.