During the Black Hat security conference in Las Vegas last week, Google's Maddie Stone (via Forbes) warned participants of the dangers inherent in pre-installed apps. Stone, a security researcher with technology giant Project Zero, pointed out that malicious actors are entering the supply chain. She said, "Having malware or security issues as preinstalled apps can do more damage, so we need to do so many checks, audits, and analyzes." Why is this step potentially more harmful for Android users? Because the attackers "only have to convince a company to include the app, rather than thousands of users." According to Stone, most Android devices typically come with 100 to 400 apps pre-installed.
The security researcher mentioned two specific malware attacks, Chamois and Triada, during their presentation. The former sells fraudulent ads, sends text messages that generate revenue, installs background apps and plugins. The latter is an older version of malware that also serves ads and installs other apps. Google has reviewed preinstalled apps, and Stone states that the number of Chamois infected devices has been reduced from 7.4 million to 700,000 from March 2018 to March of this year OEMs and customizations: If you're able to get the supply chain right from the beginning to infect, you already have as many infected users as devices that sell them. That's a scary reason. "- Maddie Stone, security researcher on Google Project Null
Some infected apps can hide their presence on a phone.
These infected preinstalled apps, while already bad enough to ship with a new device, need Android users however, when installing an app, use common sense from the Google Play Store Read the comments before downloading an app from an unknown developer If the app is infected with malware, you will usually find a number of user complaints who have already installed the title and had to deal with some unusual issues, for example, Google removed 29 camera beauty and filter apps from the Play Store earlier this year after they were found to contain malware and photos taken by the user, but also show full-screen ads Considering downloading these apps to his phone would have been discouraged if he had looked at the comment areas for most of those titles. An Android user who downloaded one of the infected apps warned others by writing, "Please do not download, if you download them, your phone will be hacked." Another user said that while he deleted the app and stopped listing it in his list of installed apps, he still received the ads he published.
Reading the comment section before installing an app from an unknown developer may save you some sorrow
Many malware-infected apps can hide their presence on a single phone. The icon may not appear anywhere on the device. However, this does not mean that they can no longer show ads on the device, or generally interfere with a phone owner's ability to use his handset. And any kind of app can hide evil intentions. Even something as innocuous as a background app can contain malware. You may recall that Google removed these apps from the Android app store two years ago after infecting 21 million cell phones. In this case, a specific attack called ExpensiveWall has been "packaged" into these apps so they can not be scanned by Google. These apps send premium text messages for which users have paid a fee and have registered them for other payment services without their knowledge or consent.