
Google flags preinstalled malware as hidden threat on millions of Android phones

Maddie Stone, a security researcher on Google’s Project Zero and a former tech lead on the Android Security team, flagged preinstalled malware on millions of new Android smartphones as a hidden threat that requires more attention.

Stone shared her team’s findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.

“If malware or security issues come as preinstalled apps,” Stone warned, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing, and analysis.”

The risk affects the Android Open Source Project, which is a lower-cost alternative to the full version of Google’s mobile operating system. AOSP is installed in cheaper smartphones to keep the price tag down, but unsuspecting customers are in danger of purchasing devices that come with preinstalled malware.

While this means that Android smartphones released by Google and partners such as Samsung are generally safe from the risk, Google’s Project Zero discovered more than 200 manufacturers who have launched devices with hidden malware. One malware family of particular concern is Chamois, which, upon infecting a device, generates ad fraud, installs background apps, downloads plugins and even sends text messages at premium rates. In March 2018, Stone’s team found Chamois preinstalled in 7.4 million Android devices.

Google’s Project Zero has been working with device manufacturers to address the issue, and that has helped reduce the number of smartphones preinstalled with Chamois to only 700,000 between March 2018 and March 2019. Stone, meanwhile, called for security researchers to place a bigger focus on preinstalled malware as a security threat, as the attention is often directed towards malware that people are tricked into downloading themselves. Then again, even Android antivirus apps have been shown to provide inadequate malware protection, according to a study from earlier this year.

Stone’s Black Hat presentation follows a study from June that claimed 43% of Android apps were found to have vulnerabilities, while 38% of iOS apps had the same issue.

Aaron Mamiit