The vulnerable component is software pre-installed by the original equipment manufacturer (OEM), which users cannot disable or delete. Certifi-Gate can turn a mobile phone into something of a remote spying device, allowing hackers to switch on the microphone, get the handset's location, and steal personal data, all without a single glitch to tip off the user. While there is a verification system in place for smartphones, it is highly flawed, and it gives hackers privileged access once their apps are connected to the device. While Android's latest Lollipop OS is believed to be the most secure Android OS, it is still at risk of Certifi-Gate, according to the network security firm Check Point.
While this is something all Android users should be concerned about, Check Point has developed a scanning app which can detect vulnerabilities in a smartphone. It's called Certifi-Gate Scanner, and it is now available for download in the Google Play store.
Although there are many handsets susceptible to the risk, most Android smartphone makers are aware of the issue and will soon be releasing a patch to fix any vulnerability.