Chinese mobe market suffers pre-pwned Android pandemic
Amazingly, it might not even be the Chinese government causing it
Security researchers have discovered more examples of pre-installed malware on Android smartphones.
G DATA found that more than two dozen phones from different manufacturers were already compromised straight out of the box.
Kit from manufacturers including Huawei, Lenovo and Xiaomi have pre-installed espionage functions in the firmware. G DATA suspects that middlemen modified the device software to steal user data and inject their own advertising to earn money.
Other possibilities include unintentional infection through compromised devices in the supply chain (a problem which affected Vodafone Spain back in 2010) or intentional interference by government spies. Many of the models implicated in the malfeasance sell well in China.
The pre-pwned device issue has become a perennial problem for privacy-conscious smartphone users. Sticking to the Play Store, avoiding dodgy websites and following common-sense security precautions are no help in such cases.
Back in March, Bluebox Security found pre-installed malware on a Xiaomi Mi4. Xiaomi responded by saying the compromised devices were high-quality counterfeits. Regardless of blame, the incident illustrated the general risk, more examples of which are not hard to find.
Late last year Palo Alto Networks discovered that high-end Androids from Coolpad came pre-pwned with the CoolReaper malware. Although little known in the West, Coolpad is the third largest smartphone manufacture in China. ®
A hat-tip to reader David L for the heads-up about the latest research about pre-infected Androids.