Samsung Find My Mobile Notification was a Data Breach

Update (26 February 2020): Samsung has reached out to SamMobile to clarify that the data breach wasn’t related to the Find My Mobile notification. Instead, the data breach was an isolated incident which occurred on the UK Samsung website. According to the report, only 150 customers were affected in the data leak.

Last week, tech news was rife with reports of Samsung users getting a strange, unexplained prompt from the Find My Mobile app. If you’re still wondering why you got it, it appears that the issue may be a lot bigger than Samsung initially admitted.

Here’s a little recap of what exactly happened. Samsung devices across the world started receiving a strange notification from the Find My Mobile app. The notification simply said 1,1. No explanation or reason for the notification was given.

Reports also surfaced that Samsung’s non-Galaxy devices such as the Galaxy XCover. What is even more alarming is that users who had already deactivated the “Find My Mobile” application were still receiving the notification. Deactivated applications are pre-installed apps that have essentially been turned off, since they cannot be uninstalled without altering the phone’s software. Add to this the fact that the notification appeared on devices spanning the whole range of Android-based Galaxy devices, including the new Galaxy Z Flip, as reported by renowned tech journalist Michael Fisher, and things look very worrying.

Having received the notification, some users promptly decided to reset their passwords. However, when they tried to access their Samsung account pages, they were greeted either by information that wasn’t theirs or by a blank screen. Keep in mind that a Samsung account is tied to every Galaxy device; on Android-based devices, setting up a Samsung account is part of the phone’s initial setup. The account is also tied to the SamsungPay service, Samsung’s payment gateway, which stores credit card and debit card information for use when paying at merchants.

Samsung initially explained the issue by saying that the notification was sent out unintentionally during an internal test. However, the company has since owned up to a data breach. In a statement to the UK-based news portal The Register, Samsung’s spokesperson said,

“A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.”

While the company has yet to reveal what “a small number” means, we can expect the number to be fairly large. In my own experience, 4 out of 5 friends using Samsung devices received the notification. So it would be safe to assume that the issue is relatively widespread.

Of greater concern is how the app was able to send out a notification at all. This indicates that the app was still running in the background and suggests that it has more functionality than it should. It also raises the question of what functionality Android allows disabled built-in apps to retain.
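One concrete way to test the question raised above on your own device is to cross-check the list of disabled packages against the processes actually running. The script below is an added example, not part of the original article: it parses constructed sample output in the format of `adb shell pm list packages -d` (one `package:<name>` line per disabled package) and `adb shell ps -A` (toybox format, process name in the last column) and reports any disabled package that still has a live process. The package names in the samples are hypothetical placeholders, not Samsung’s actual package names.

```python
"""Flag Android packages that are disabled yet still have running processes.

Added example: feed it the real output of `adb shell pm list packages -d`
and `adb shell ps -A`; the embedded samples are constructed for illustration.
"""

# Constructed sample of `adb shell pm list packages -d`. Package names are
# hypothetical placeholders, not the real vendor package names.
SAMPLE_DISABLED = """\
package:com.example.vendor.finder
package:com.example.vendor.news
"""

# Constructed sample of `adb shell ps -A` (toybox ps; NAME is the last column).
# Android names an app's secondary processes "<package>:<suffix>".
SAMPLE_PS = """\
USER           PID  PPID     VSZ    RSS WCHAN            ADDR S NAME
root             1     0   10860   2596 0                   0 S init
u0_a101       4211   812 5032104 112356 0                   0 S com.example.vendor.finder
u0_a101       4260   812 4901200  65532 0                   0 S com.example.vendor.finder:push
u0_a140       4302   812 4888812  91212 0                   0 S com.example.mail
"""


def parse_disabled_packages(pm_output: str) -> set:
    """Return the set of package names from `pm list packages -d` output."""
    packages = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.add(line[len("package:"):])
    return packages


def parse_process_names(ps_output: str) -> list:
    """Return the NAME column of `ps -A` output, skipping the header row."""
    names = []
    for line in ps_output.splitlines()[1:]:
        fields = line.split()
        if fields:
            names.append(fields[-1])
    return names


def process_package(process_name: str) -> str:
    """Map a process name to its owning package ("pkg:suffix" -> "pkg")."""
    return process_name.split(":", 1)[0]


def disabled_but_running(pm_output: str, ps_output: str) -> dict:
    """Map each disabled package that still has processes to those process names."""
    disabled = parse_disabled_packages(pm_output)
    hits = {}
    for name in parse_process_names(ps_output):
        package = process_package(name)
        if package in disabled:
            hits.setdefault(package, []).append(name)
    return hits


if __name__ == "__main__":
    for package, processes in disabled_but_running(SAMPLE_DISABLED, SAMPLE_PS).items():
        print(f"disabled package {package} still running as: {', '.join(processes)}")
```

A hit means the platform is still hosting code from a package the user believes is turned off, which is exactly the behaviour the notification hinted at. An empty result is weaker evidence: a notification can also be raised on an app’s behalf by a separate system or vendor service, so the absence of a process for the disabled package does not by itself prove it had no hand in the event.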
