146 Bugs Are Found In Android Preinstalled Apps In 2019

Once again, Kryptowire has exposed a lot of potentially malicious activities by apps preinstalled on cheaply made Android phones. The security research firm, through research funded by the Homeland Security Department of the US, discovered apps that were recording audio secretly, changing phone settings with no user consent. The apps were found to even grant new permissions to themselves.

This is the latest research in what has become an almost annual detailing of pervasive security threats from carrier and manufacturer firmware they found on Android devices. in 2019, the security research firm found 146 new vulnerabilities on devices from 29 manufacturers, it used a new tool to scan and detect vulnerabilities without needing an actual phone.

Answer the question about what could end the ecosystem of cheaply made, malicious software, the firm’s CEO pointed to Google, which had greater product accountability, saying that:

Meanwhile, Google expressed its appreciation of the work the research community collaborating with it has done to responsibly fix the issues and disclose such information.

Preinstalled apps such as the ones Kyptowire found in its research are usually small, third-party software that is tucked into larger, widely known manufacturer apps. Preinstalled apps carry a big security threat because they often operate more freely on the phone than other apps. And users can’t remove preinstalled app easily.

During the Black Hat cybersecurity conference in 2017, similar security threats were exposed by Kryptowire, which appeared in cheaper phones made by Shanghai Adups Technology. The security research firm found that the software sent user data to the company’s Shanghai-based server without users knowing. According to the company, the issue was solved. Last year, the security firm released a study into the flaws in the preinstalled firmware of 25 Android phones that were cheaply produced. Also last year, Google introduced the Test Suite as part of its attempt to tackle these problems.

Although Kryptowire has exposed vulnerabilities almost annually, we have also witnessed the improvement in Google’s security strategy. Its CEO said:

Maddie Stone, a security researcher at Google, said during the 2019 Black Hat presentation that there are between 100 and 400 preinstalled apps in an Android device. Stone explained that if you were a malicious actor, you just need to convince one firm to include your app instead of thousands of users.