Some apps that come pre-installed on Android phones may have up to 146 flaws, according to a report released last Friday (15) by Kryptowire, a company specializing in digital security. The issue is all the more serious because the vulnerabilities are present in devices from 29 different companies. The research was sponsored by the Department of Homeland Security of the United States.
Among the main flaws found are the installation of apps without user authorization, audio recording without the phone owner's knowledge, and changes to system settings, along with other bugs of varying severity. As Wired highlighted, most of the affected manufacturers are small and concentrated in Asia, but there are also industry giants such as Asus, Sony, Samsung, and Xiaomi.
The companies cited in the survey were notified as soon as the study was completed. Samsung, for example, minimized the problem and stated, through an official note, that Android Security does the job of protecting the user in these cases. “Since we were notified by Kryptowire, we have promptly investigated the applications in question and determined that the appropriate protections are already in place,” said Samsung in a statement to the U.S. press.
Tom Karygiannis, vice president of products for Kryptowire, told Wired: “Samsung applications can be used by third parties in the supply chain to gain access to information without disclosing it or requiring permissions. The current design of the Android Security framework does not prevent this from happening today.”
In 2018, Google launched a tool called Build Test Suite, which is designed specifically to look for this type of flaw. However, the company was not very emphatic about possible improvements. “We appreciate the work of the research community that collaborates with us to solve and responsibly disseminate issues such as these,” it said in a statement sent to Wired.
As The Next Web rightly warned, when a user downloads an infected or faulty app, there is still the possibility of deleting it. However, the flaws detected by the survey are in OEM applications, those that come factory-installed on manufacturers’ systems, so-called bloatware, which often cannot be removed.