Google Warns That Preinstalled Malware Affected Millions Of Android Devices

By Amit Chowdhry ● August 14, 2019
  • In a presentation, Google Senior Security Engineer Maddie Stone pointed out that millions of Android smartphones contained dangerous malware. Here is how Google fixed that problem.

According to Google Senior Security Engineer Maddie Stone, there have been millions of Android smartphones that had dangerous malware preinstalled. And some of that preinstalled malware could end up downloading more malware for committing ad fraud and taking over host devices. 

There are some cases where Android devices are sold with as many as 400 apps preinstalled (also known as bloatware). And many of these apps are not vetted.

In a Black Hat presentation (uploaded to GitHub), Stone pointed out that the risk especially affects Android’s Open-Source Project (AOSP), which is used by manufacturers to sell lower-cost smartphones. The devices that have the Android stamp of approval like Samsung Galaxy and Google Pixel devices are safe from this problem.

ADVERTISEMENT

”If malware or security issues come as preinstalled apps,” said Stone via CNET, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing, and analysis.”

Often times, hackers with malicious intent can persuade one company to include their app rather than having to get thousands of users to download it. Unfortunately, 200 device manufacturers did not pass the test for being safe. Those manufacturers are selling devices that contain malware, which are vulnerable to remote attacks. Some of these OEMs and ODMs were tricked into including malware like Chamois apps by being told it was a “Mobile Payment Solution” or an “Advertising SDK.”

How is Google fixing this problem? As this problem was discovered, Google has been aggressively remediating the situation. This was done through OEM outreach and Google Play Protect Enforcement technology, which automatically disables apps if the user has it enabled. By using these methods, the number of infected devices dropped from 7.4 million to 700,000.