Nobody likes most apps that come pre-installed in Android devices. These apps are not only as good as nothing but also, as it turns out, have security loopholes. The worst part is these apps are even rarely updated.
A new research conducted by Kryptowire suggests that these apps come with security loopholes in different forms. Which according to the security firm means the devices are rendered vulnerable on purchase.
The study involved analysis of pre-installed apps and firmware from twenty-nine Android vendors and carriers. The team covered several devices ranging from the low-end market to the flagship level.
The companies included in the research are major vendors like Samsung, Sony, Xiaomi, Tecno, Infinix, and multiple small companies with names you have probably never heard of.
Kryptowire found vulnerabilities in different forms. Vulnerabilities discovered range from Network Settings Modification, SMS Sending/Spoofing, Screenshot Capturing, System Properties Modifications, Factory Reset, App Installation/Uninstallation, Audio/Video Recording, among others. In total, the team discovered 146 vulnerabilities.
You can check the full list of vulnerabilities here.
Google is apparently aware of these vulnerabilities, and as it turns out, it is the main reason why the company launched Build Test Suite (or BTS) program. A program that mandates all of its partners to undergo before releasing phones to the market.
This program scans a device’s firmware for any security vulnerabilities in pre-installed apps.
Once the bad apps, referred to as Potentially Harmful Applications (or PHAs), are discovered, Google then works with the OEM to iron out the problems before the devices are okayed to enter the market. You can read more about the same in Google’s 2018 Android Security & Privacy report.