Kryptowire, an information security research company, has published a report on the status of software and firmware installed by manufacturers of Android mobile devices. It says that the researchers were able to identify 146 potentially dangerous applications that are preinstalled by 29 manufacturers in budget segment devices.
The study showed that the identified vulnerabilities can be used by attackers to listen to the owner of the device through the microphone, change the level of access rights in the system. In addition, the software can be used to secretly transfer data to the manufacturer.
It is worth mentioning that various device manufacturers appear in the Kryptowire report, ranging from not-so-famous ones like Cubot or Haier to companies such as Sony and Xiaomi. Considering that new Android devices have between 100 and 400 pre-installed applications, the discovered vulnerabilities can pose a serious threat to ordinary users.
βGoogle should require more code review from vendors of software that is part of the Android ecosystem. Legislative mechanisms need to be developed to penalize companies that compromise the security and personal information of end users,β said Angelos Stavrou, CEO of Kryptowire.
It's worth mentioning that pre-installed applications, like those found by researchers, are often small, unbranded components of third-party software that are built into features of larger manufacturer-branded programs. Pre-installed applications are a particularly serious security risk because they usually have more rights on the system than user-installed software.
Source: 3dnews.ru