Google’s security research team found out that millions of shiny new Android phones are purchased with dangerous malware that is factory – installed. That is right, malware, not bloatware. Unfortunately, many users trust that their newly purchased smartphones are safe and clean, and nobody suspects that hidden factory – installed malware can download other malware in the background, committing fraud and in some cases taking over the host device.
New phones can be bundled with as many as 400 apps factory-installed, most of which are just plain bloatware.
Maddie Stone, security researcher for Google’s Project Zero says that her team found out that in the case that malware or security issues come as a “feature” straight from the factory, the possible damage is greater and this risk greatly impacts Android’s Open – Source Project (AOSP), which is a low cost alternative to the full-fat version designed for budget phones to keep prices low.
While Google didn’t officially reveal details about the involved brands of phones, it turns out that more than 200 device manufacturers are guilty, featuring some malware that allows devices to be attacked remotely.
Effort from Google
Google is working on helping device manufacturers protect and prevent users from such trouble. Approximations say that the number of infected devices decreased from 7.4 million to “only” 700.000 over the course of a year.
Unfortunately, not even apps from Google’s PlayStore are safe, as some are basically just malware disguised as useful apps. Time will pass and it will all change, but as for right now, users need to keep careful track of what’s happening on their smartphones.