Over the past few days, you may have come across a study showing that some Android smartphones come straight out of the box already infected with malware. Initially, this had nothing to do with the manufacturers or the stores that resell the devices, but it could still be risky for users.
Results of the Check Point study
The digital security company Check Point released the results of a study in which 38 devices, from two different clients, were found to be infected with malware. In both cases, the malware was installed on the device at some unknown point in the supply chain. In other words, some nasty employee installed malicious software on these smartphones at some point between their manufacture in the factory and their release for sale.
Following this logic, the malware in question wasn’t part of the official ROM provided by the vendor. In six cases, the virus was installed with administrator privileges (root access). As a result, the owner of the device wouldn’t be able to remove the virus just by restoring factory settings, the famous reset. To get rid of the virus, they’d have to flash the official ROM onto the device. In other words, reinstall the official manufacturer software.
The threats were found on cell phones from two large companies
Who’s responsible for this?
According to the research team, the threats were found in smartphones produced by two major companies which, unfortunately, weren’t identified in the Check Point study. The article states that one was a “large telecommunications company” and the other a “multinational technology company.”
Most of the malware consisted of adware (e.g. the Loki malware) and info-stealers. Ransomware, which encrypts all the files on a device and then demands a ransom for their decryption, was discovered in one case. This last type is clearly the worst one to find, as it could be used to extort money from targeted smartphone users.
|Adware|Ransomware|
|---|---|
|From “ad” (advertisement) and “ware” (software): any type of automatically run program which shows a large number of ads without the user’s permission.|A type of malware which restricts access to the infected system and charges a ransom to reestablish that access.|
Why are Android devices regular targets?
As the most-used mobile platform in the world, Android is an obvious target for digital crime. To give you a better idea, according to StatCounter, a website which monitors global web traffic to collate usage statistics for browsers and operating systems, Google’s operating system is on the verge of passing Windows as the platform with the highest percentage of connected devices. The company’s most recent report showed that 37.4% of all online devices used Android, against 38.6% using Windows.
Android is a secure operating system
Apart from all that, the number of devices running Google’s operating system is huge, and much larger than the number running Apple’s iOS platform.
Additionally, the way apps hosted in the Google Play Store are analyzed has opened it up to some of the more unscrupulous developers operating today, as its computer-led selection process does allow malicious apps to be uploaded into the store.
The fact that older versions of Android are still in use just increases the system’s vulnerability. Google offers monthly updates that contain security patches, but only for those devices running Android 4.4 and up:
“When a moderate or higher severity security vulnerability in AOSP is fixed, we’ll notify Android partners of issue details and provide patches for a minimum of the most recent three Android releases. The Android security team currently provides patches for Android versions 4.4 (KitKat), 5.0 (Lollipop), 5.1 (Lollipop MR1), and 6.0 (Marshmallow). This list of backport-supported versions changes with each new Android release”, Google.
Don’t get me wrong here, Android is still a very secure operating system. Since it’s an open source project, many developers are continuously doing system maintenance. However, the fact that it’s so popular and so absurdly fragmented does make it vulnerable to attack.