10 million Android devices are preinstalled with malicious code from the factory

Google Project Zero project security expert Maddie Stone warned that about 10 million Android devices from more than 200 manufacturers were found to have installed malware. She declined to disclose the list, but insisted on the Android Open Source Project (AOSP), where Google allowed the use of the Android operating system completely free of charge. AOSP source code is often used on low-cost devices, in return for user safety.

After reaching the users, malicious code will silently download other underground software, then profiteering by displaying ads, stealing information or hijacking the device. Under the cover are manufacturers’ available applications, which make users unaware of their existence, or if there is no doubt and become passive in keeping devices and data safe. personal data.

“Instead of finding ways to seduce millions of people, bad guys just compromise with a few manufacturers that malicious applications will work on millions of devices,” Stone said.

Millions of Android devices are preinstalled with malicious code right from the factory.

According to Forbes , this is the result of Android being an open operating system. It allows manufacturers to easily customize software and install many things out of Google’s control. There are phones from the factory that are pre-installed to 400 applications, many of which contain malicious code but appear as a useful application so easily bypass the censors.

In 2017, Google discovered a malicious code called Chamois on 7.4 million Android devices. Their task is to display advertisements, download plug-ins and background apps, or secretly send messages at high rates. Another malicious code, Triada, has also been discovered on millions of devices, with similar profiteering practices.

Google representative said that by March 2019, they had reduced the number of “victims” of the Chamois from 7.4 million to 0.7 million. However, the Android ecosystem is extremely large, with the participation of many different OEMs, this problem cannot be solved thoroughly.