Preinstalled Android apps are harvesting and sharing your data

April 3, 2019
Android apps

Our Mobile Application Monitoring team has been wary of the trend that mobile appstores including iTunes and Google Playstore has been getting malicious apps in their store. Now the deception of Android apps continue, up to the point that it has reached the stage where it has been pre-installed by your Mobile Phone vendor. Classy move to sell your smartphone cheap, yet makes money off your personal information huh?

Numerous Android phones ship with software that has been pre-installed by their respective smartphone vendor. Researchers at IMDEA Networks Institute, Universidad Carlos III de Madrid, Stony Brook University, and ICSI scanned the firmware of more than 2,700 consenting Android users around the world, creating a dataset of 82,501 pre-installed Android apps.


What data are these Android apps collecting?

Primarily the preinstalled applications sniff out geolocation information, personal email, phone call metadata and contacts, but some of them even monitored which applications users installed and opened. In many cases, personal information was directed straight back to advertising companies.

A considerable number of preinstalled applications gather and communicate information using custom permissions, approved by the smartphone vendor or mobile network operator, which empowered them to perform activities that ordinary applications cannot do.

Examples included preinstalled Facebook packages, some of which were inaccessible on the ordinary Google Play store. These naturally downloaded other Facebook software, for example, Instagram, the researchers said. They likewise discovered Chinese applications exposing Baidu’s geolocation information, which could be utilized to find users without their consent.

The researcher’s analysis recommends that a significant number of these applications might utilize custom permissions like these to harvest and exchange information as a major aspect of pre-defined information trade understandings between organizations:

The researchers likewise discovered malware libraries installed in some preinstalled software. One such library, called Rootnik, can pick up root access to a device, spill by and by recognizable information, and install extra applications.


How do these apps make their way onto Android phones?

There are a few contributing elements. First is that Google permits third-party companies to package and preinstall applications that they see fit onto their own versions of Android. In many cases that process is far from transparent.

The second worsening issue is that huge numbers of the applications that endure this process are self-signed. Mobile applications should demonstrate their legitimacy by utilizing digital certificates, yet numerous developers just make their own. It’s a bit like giving your own name as a reference when applying for a job.

A portion of these applications likewise utilize third-party libraries which may contain their own security or privacy issues. By giving custom permissions to an application, a smartphone vendor is additionally giving similar authorizations to the third-party library that is piggybacking on it.

About the author

Leave a Reply