Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

Google flags preinstalled malware as hidden threat on millions of Android phones

Add as a preferred source on Google

Maddie Stone, a security researcher on Google’s Project Zero and a former tech lead on the Android Security team, flagged preinstalled malware on millions of new Android smartphones as a hidden threat that requires more attention.

Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.

Recommended Videos

“If malware or security issues come as preinstalled apps,” Stone warned, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing, and analysis.”

The risk affects the Android Open Source Project, which is a lower-cost alternative to the full version of Google’s mobile operating system. AOSP is installed in cheaper smartphones to keep the price tag down, but unsuspecting customers are in danger of purchasing devices that come with preinstalled malware.

While this means that Android smartphones released by Google and partners such as Samsung are generally safe from the risk, Google’s Project Zero discovered more than 200 manufacturers who have launched devices with hidden malware. One particular malware of concern is Chamois, which upon infecting a device, generates ad fraud, installs background apps, downloads plugins and even send text messages at premium rates. In March 2018, Stone’s team found Chamois preinstalled in 7.4 million Android devices.

Google’s Project Zero has been working with device manufacturers to address the issue, and that has helped reduce the number of smartphones preinstalled with Chamois to only 700,000 between March 2018 and March 2019. Stone, meanwhile, called for security researchers to place a bigger focus on preinstalled malware as a security threat, as the attention is often directed towards malware that people are tricked into downloading themselves. Then again, even Android antivirus apps have shown to provide inadequate malware protection, according to a study from earlier this year.

Stone’s Black Hat presentation follows a study from June that claimed 43% of Android apps were found to have vulnerabilities, while 38% of iOS apps had the same issue.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Apple reportedly wants to sell 10 million foldable iPhones, but the starting price could give you serious sticker shock
Nikkei Asia reports Apple has raised its iPhone Ultra production target to around 10 million units ahead of the September launch.
Electronics, Mobile Phone, Phone

Apple is planning a bigger production run for its first foldable iPhone than previously expected, according to a new report from Nikkei Asia. The company has reportedly told suppliers to prepare around 10 million iPhone Ultra units for 2026, up from earlier estimates of 7 to 8 million.

A 30% jump in the build target

Read more
The iPhone 18 Pro could launch in these three colors, and black still isn’t one of them
Three colors, no black, and a Dark Cherry that's meant to do what Cosmic Orange did last year.
Apple iPhone 17 Pro White

iPhone Pro fans who were hoping Apple would bring back a dark color option this year might not be happy after reading this.

According to a new leak from Weibo tipster Instant Digital, the iPhone 18 Pro could launch in just three colors: Dark Cherry, Light Blue, and Silver-Gray. You see? Black or dark gray is not on the list.

Read more
Elon Musk’s SpaceX could be making an AI device that’s slimmer than the iPhone
A slim SpaceX AI device prototype has likely been shown to some investors
Elon Musk talks to the press as he arrives to to have a look at the construction site of the new Tesla Gigafactory near Berlin.

SpaceX has reportedly shown investors a prototype of a handset-like AI device that is slimmer than an iPhone. According to The Wall Street Journal, the device is said to run on a proprietary operating system, use a Qualcomm Snapdragon chip, and integrate AI technology from xAI.

The project is still at an early stage, and there is no guarantee that SpaceX will turn it into a real product. The report also does not describe it as a traditional smartphone, which is important. It could be a phone, something closer to a dedicated AI device, or a product that never makes it past the prototype stage.

Read more