Critical bugs detected in apps pre-installed on Samsung, Xiaomi phones
If you use an inexpensive Android phone with plenty of pre-installed bloatware, better start using an anti-virus. A new DHS-backed study, conducted by security firm Kryptowire, has flagged a big bunch of critical security loopholes in more than 100 apps offered by smartphone manufacturers, pre-installed on their devices. Evidently, the issue has triggered another wave of concerns regarding smartphone security. Here's all about it.
146 pre-installed apps with 140+ vulnerabilities
The folks at Kryptowire analyzed the behavior of several Android apps to determine the state of manufacturer-installed software and firmware on phones. They found out more than 140 critical vulnerabilities in as many as 146 pre-installed apps offered by 29 smartphone makers, including some big names in the industry. They also noted that most of the "bad apps" were installed on inexpensive devices.
What these apps were capable of doing?
The researchers found that the vulnerabilities in question could have a serious impact on the privacy of a user - if exploited. This included a range of things such as turning the microphone on for spying on users or establishing a remote connection with a malicious server and transmitting data from the phone without the explicit permission of the user.
Surprisingly, these apps were offered by some leading phone makers
While the report didn't name the vulnerable apps in question, it did mention the brands that made the devices offering these services. Now, the surprising bit is, this list doesn't just include low-key smartphone brands like Cherry and Cubot but also some big industry leaders like Samsung, Sony, Xiaomi, and ASUS. Notably, Samsung devices had 33 vulnerable apps while Xiaomi had 15.
No word on the action taken
The report from Kryptowire highlights a major threat that budget phone makers are facing, but there's no clarity on how the smartphone makers would deal with this issue. Neither Google nor the smartphone companies have commented on the matter, but we hope that soon the involved parties would take the issue into notice and take necessary action to keep their customers safe.
What Google can do in this case?
"Google can demand thorough code analysis and vendor responsibility for their software products that enter the Android ecosystems," Kryptowire CEO Angelos Stavrou told CNET. "Legislators and policy makers should demand that companies are accountable for putting the security and personal information of end-users at risk."
