Low-Priced Android Phones Come With Malware Apps Already Installed
By: Jim Stickley and Tina Davis
January 7, 2020
Android smartphone users looking to save money on their device may be paying a higher price for their data security. Recent research finds preinstalled apps on cheaper Android phones may be infected with malware. The Android Open Source Platform (ASOP) operating system installs low-cost alternatives to Google’s full mobile operating system which does indeed lower the phone price tag. But research finds that smartphones running on ASOP may have as many as 400 infected apps preinstalled. Simply powering-up a new smartphone can put millions of Android owners in the hands of the hackers who infect these apps.
When malware comes preinstalled on a device, hackers don’t have to resort to email phishing and other tactics to infect a device. In other words, their work is already done for them. Google’s Project Zero, created to find security flaws, found more than 200 device manufacturers have preinstalled infected apps. Just some of the malware found on these Android’s are capable of fraudulent advertising, downloading plugins, and installing background apps. They can also get permissions to data and then send that data to hackers. Chamois, a malware botnet found preinstalled on 7.4 million Android devices, charges premium rates when sending texts, for example.
In 2018 alone, there were over 205 billion mobile apps downloaded worldwide. Since apps have long been a source of malware, where you get them from can make the difference between downloading an infected app and one that’s not. Both Google and Apple recommend always purchasing or downloading free apps from their official stores. Both investigate apps for malware before making them available to the public. Yet despite their actions, some infected apps can still get through. However, purchasing and downloading apps from third party sources—sideloading—means there are not necessarily additional malware checks on those apps. That greatly increases the odds of installing an infected app and then having to deal with the consequences.
Consumer education goes a long way preventing many types of attacks. Aside from downloading apps from official sites, pay close attention to the requests for data that apps ask for. A commonsense approach is important, as many apps request data permissions they have no reason to collect. If you’re not sure about the data you’re being asked for, error on the side of caution and deny the request. It’s always better to go back later and give it permission when you are doing something specific with the app. Be your own detective and investigate the apps preinstalled on your device and always check reviews for apps you intend to download. Also, update your apps as soon as possible as updates often address security flaws. Should there be apps you know you don’t need or want, don’t hesitate to delete them. Overall, remember that when downloading apps, data is always safer when denied and not supplied!