Researchers only “scratching the surface” of a pervasive Android bloatware issue

Pre-installed Android apps for third parties pose security and privacy risks

Smartphone hacking picture

Researchers have discovered a dangerous trend concerning Android phone manufacturers whereby third-parties will pay to install pre-loaded apps containing potentially harmful code.

These third parties could be mobile network operators or other third-party advertising companies which will install different apps at the supply chain level so manufacturers can squeeze a little extra revenue out of each device sold.

Advertisement - Article continues below

The most dangerous cases where when malware was actually installed from these proprietary apps introduced by third parties. The researchers noted that such infections typically occurred in the low-end range of phones, but it was also evident in some high-end phones too.

"We identified variants of well-known Android malware families that have been prevalent in the last few years, including Triada, Rootnik, SnowFox, Xinyin, Ztorg, Iop, and dubious software developed by GMobi," read the research paper.

"According to existing AV reports, the range of behaviours that such samples exhibit encompass banking fraud, sending SMS to premium numbers or subscribing to services, silently installing additional apps, visiting links, and showing ads, among others."

In addition to the malware-laden apps, researchers found that many apps also had access to personally identifiable information (PII) and these appeared to distribute said information to third parties.

Other intrusive behaviours observed include apps being able to collect and distribute email and phone call metadata to third parties; this data could include contact details and recipients which can inform leads used by marketers.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The data analysed by university researchers from the US and Spain was based on information provided by 2,748 volunteers using 1,742 different Android devices.

It's not just security issues that Android users are facing, the researchers point to a much wider chain of partnerships between handset vendors, network carriers, analytics services and online services such as Skype and Dropbox.

These far-reaching partnerships "suggest and in some cases confirm" instances where the companies you trust the most, namely Samsung, Huawei and Sony are knowingly granting permissions which circumvent Android's prevention of apps accessing sensitive data to third-party apps.

For example, Chinese tech giant Baidu's geo-location permission can be exposed and circumvented by third-party apps, meaning your location data could be accessed by an app which you didn't explicitly approve.

Facebook has also been found to download other associated software such as Instagram after permissions were circumvented in 24 Android vendors including Samsung, Asus, Xiaomi, HTC, Sony and LG.

Advertisement - Article continues below

The researchers say that after a full year, they've only just begun to scratch the surface of a much wider issue surrounding the Android device supply chain and the effect it's having on user security and privacy.

In terms of how to rectify the situation, the researchers speculate on a few possibilities. "Google might be a prime candidate for it given its capacity for licensing vendors and its certification programs."

"Alternatively, in absence of self-regulation, governments and regulatory bodies could step in and enact regulations and execute enforcement actions that wrest back some of the control from the various actors in the supply chain."

Google's Play Protect is Android's built-in malware protection against nefarious apps and is "backed by the strength of Google's machine learning algorithms, it is always improving in real time", according to its web page.

We approached Google for comment on the extent to which Play Protect can mitigate the threats imposed by these pre-installed apps but it did not immediately reply to our emails.

The discovery highlights the prevailing issue with Android apps both proprietary and downloaded from the Google Play store where security and privacy issues run rife.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/cyber-attacks/356417/trump-confirms-cyber-attacks-on-russia-election-trolls
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020