Enterprise security solutions company KryptoWire has identified 146 vulnerabilities in pre-installed Android apps from up to 27 vendors.
The study, funded by the US Department of Homeland Security (DHS), uncovered security flaws in a variety of devices, ranging from flagship smartphones to entry-level or low-end phones.
According to the report, the vulnerabilities could allow unauthorized users to modify system settings, stealthly install unwanted applications, and even record audio without user consent. I don't fuck...!
Android vulnerabilities in Samsung, Xiaomi and Asus phones
The report claims that the vendors include some of the biggest and most reputable global names in the tech world, including Samsung, Asus, and Xiaomi.
However, some of these vendors are predictably pushing back on the accusations, with Samsung issuing a statement to Wired, saying:
“We have quickly investigated the applications in question and have determined that the appropriate protections are already in place”.
Kryptowire, however, disagrees with that statement, with the company's vice president of product, Tom Karygiannis, saying:
“Samsung applications may be used by users in the third-party supply chain to gain access to information without disclosing it or requiring permissions”.
He further pointed to the Android security framework, saying:
"The current design of the Android security framework does not prevent that from happening today".
Malware on Android is still a big problem despite a multitude of steps taken by Google to eradicate the problem in recent times.
The company recently brought together major cybersecurity firms ESET, Lookout, and Zimperium under an organization called the App Defense Alliance to stop “Malicious applications before they reach users' devices”.
However, as the latest study seems to show, there is a long way to go before the platform is truly secure.