Regardless of maker, model, cost and other variables, any smartphone we buy comes with applications pre-installed at the factory. According to experts in ethical hacking, while some of these apps help our devices function properly, most are considered junk and will be disabled by the user.
The presence of pre-installed applications had not been considered a computer security issue, at least not until now: new reports, coming from none other than Google, state that millions of mobile devices running the Android operating system are sold with pre-installed apps infected with malware variants, and even with backdoors.
Project Zero, a security division within Google, has conducted extensive research, uncovering multiple flaws in the software of the devices we use every day. Although malicious apps that manage to bypass Google’s security controls and enter the Play Store have been reported on previous occasions, this is a much more worrying risk scenario, as the last thing users expect to find on their new smartphone is an application infected with malware.
Moreover, ethical hacking experts mention that, in some cases, even if the malware is not pre-installed on the smartphone, some of these applications may be able to download a malicious component. It should be remembered that, on average, a new smartphone has a little less than one hundred pre-installed applications, counting both those visible to end users and those hidden from them; however, in some specific cases the number of pre-installed apps can reach 400.
Project Zero researchers argue that manufacturers and developers need to do better analysis and auditing to determine the extent to which a new product available on the market is safe or unsafe. “It is necessary to focus on the analysis of smartphones related to Android Open Source Project (AOSP), because these are the most widely used devices”, said Maddie Stone of Google.
According to the company, the software pre-installed on the devices of more than 200 smartphone manufacturers contains malware; in most cases, it is possible to access these devices remotely to perform various malicious activities.
According to ethical hacking specialists from the International Institute of Cyber Security (IICS), the most prominent finding of this research is the malware known as Triada, which was pre-installed on about 7 million devices over the past year. This malware displays fake ads and downloads apps in the background without the consent of the victims.