The Project Zero team sought out vulnerabilities in the Galaxy S6 Edge, selected for its popularity, then reported them to Samsung to see how long it would take the manufacturer to fix the security risks.
Silvanovich continued, "The majority of these issues were fixed on the device we tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame."
The majority of Android devices are made by what Google dubs Original Equipment Manufacturers (OEMs), external companies that use an open-source version of the operating software called Android Open-Source Project (AOSP) that is then expanded upon.
OEMs like HTC, LG, and Samsung introduce additional code to their devices and in turn create potential vulnerabilities uncontrolled by Google. They are responsible for fixing identified risks and administering the necessary security updates.
The Project Zero team has included a full report of the identified issues on their blog.
