Posted on August 11, 2019 at 9:58 AM
In a development that is sure to scare off lots of potential users around the world, it emerged this week that tens of millions of smartphones running the Android operating system have dangerous malware preloaded. To make matters worse, the source of the news is Google itself, Android’s parent company.
Google’s security research staff alerted the community that numerous new Android devices are being offered in the market despite coming pre-loaded with malware installed at the factory level. Android is known as one of the biggest and most prominent operating systems, but also as one of the most dangerous and unreliable: allegations of dangerous apps in the Play Store are a common occurrence.
Ad Fraud and Taking Over the Hosting Device
A report from Forbes details how a new user who takes the phone out of its box and starts configuring it may already be exposed to malware because it is pre-installed. That malware can download other kinds of malware in the background, commit ad-related fraud, or take over its host device, among other things.
The fact that Android is such a successful open source community is very positive because it stimulates innovation. However, members of the community can discreetly inject malware into the software loaded on boxed smartphones and devices.
In fact, consider that new phones can have nearly 400 preinstalled applications, and that is even before the user takes the device out of its box. Many people are unaware of that fact and use the device carelessly, without knowing about any threats or risks.
However, most of those apps haven’t been vetted and, judging by the way they function, the user won’t notice anything wrong because they seem to work properly and offer the service they are supposed to.
More Difficult to Manage
The Black Hat cybersecurity conference served as the stage for Maddie Stone, a researcher with Google’s Project Zero, to present her team’s findings. She explained that the fact that the malware comes pre-installed makes the situation significantly more dangerous and more difficult to manage. According to her, Android and Google need more reviewing, auditing and analysis.
Other entities are affected by the risk, including the smaller Android Open Source Project (AOSP). It is installed on cheaper smartphones in order to maintain the price structure.
Stone also stated that because of the way the supply chain works, the attacker has to convince only one firm to include their app, rather than hundreds or even thousands of potential users.
Although Google did not reveal which brands had the pre-installed malware, over 200 smartphone manufacturers got into trouble for failing the proper tests: their devices could be attacked from remote locations because of the malware.
The Chamois and Triada malware campaigns were especially virulent. The former commits ad fraud, secretly installs apps in the background, and downloads plugins. It comes installed on a whopping 7.4 million smartphones. Meanwhile, Triada is older but displays ads and installs applications as well.
Finding a Solution
According to reports, Google is not only aware of the issue but is also trying to find a solution by working alongside device manufacturers to detect the vulnerabilities in the supply chain. Because of that, Stone said, the number of devices infected with Chamois was reduced from 7.4 million to 700,000.
Google and Android face a particular difficulty in dealing with this situation: the ecosystem, per Stone, is very broad, and that makes it hard to screen efficiently.
She explains that the Android ecosystem has lots of OEMs and customizations, and that if criminals can infiltrate the supply chain, they have won half of the battle because they will have managed to infect millions of devices.
For now, users can be more careful with the apps they download from the Google Play Store, and avoid any unknown sources. However, to this date, there is not much they can do about apps that come with malware pre-installed.