Beware! Android Users, Your Phone is Bugged

Security firm Kryptowire has exposed a potentially malicious centre created by preinstalled apps on cheap Android smartphones

 

All of us who have purchased an Android smartphone would have observed that when booted for the first time, it shows a bunch of pre-loaded junk applications that none of us actually wanted or would probably use during our association with the gadget. And yet, these apps stay put, as users tend to ignore them most of the time.

However, recent research by security firm Kryptowire suggests that these clunky and mostly useless apps could be full of security holes. The company created a tool to auto-scan several Android devices as part of a study funded by the US Department of Homeland Security. They ran the tests on devices from 29 different vendors, of which a majority were not big names, though a few such as Samsung and Sony did spring up during the study.

However, what they found should make each of us sit up and take notice. Kryptowire found vulnerabilities of multiple varieties, ranging from apps that force us to install other apps to tools that can be used to record audio without our permission and others that quietly go about changing the system settings behind our backs.

All of the above result in the possibility of security breaches of differing magnitudes, with the possibility of surveillance not being ruled out either.

The research, which is the latest in a series of annual exercises detailing security threats posed by manufacturers of smartphones and the mobile carriers around Android devices, found as many as 146 new vulnerabilities on the phones shipped by these 29 manufacturers.

By the way, it isn’t as though Google is unaware of these potential threats. Last year, the company launched the Build Test Suite, which all OEMs are required to pass. The Suite scans the firmware on a device for known security issues in the pre-installed apps and flags those that could be potentially harmful applications, or PHAs, Google had said in its 2018 Android Security Report.

The report details the process whereby the manufacturers submit new or updated build images to the Suite, which then runs tests for security issues on the system images, including for those that could be potentially harmful. In case such an application is found, Google works with the manufacturer to take remedial steps or remove the PHA at the build stage itself. The report says that the Suite prevented as many as 242 builds with PHAs from entering the market.

In an interaction published on CNet.com, Kryptowire CEO Angelos Stavrou suggested that the only way to safeguard the user was for Google to become more accountable. He says that Google should demand more thorough code analysis from the vendor while lawmakers should seek accountability from enterprises for putting the security of personal information of end-users at risk.

The website said Google responded to its questions by saying that it appreciated the work of the research community who collaborate with the company to responsibly fix and disclose issues such as the ones raised by Kryptowire. Of course, this is nothing more than the standard response to cybersecurity issues that enterprises make at the whiff of trouble.

What would prompt Google to take the matter seriously and ensure that there is more to their tests than an automated run-down of the new gadget is something only time will tell.

Meanwhile, the only way we Android users can keep ourselves safe is to immediately remove all the pre-installed apps that the phones fire up, barring those that are integral to our daily usage such as the Google Play Store!

