When you buy an Android smartphone, it is rarely pure Android. Manufacturers add their own applications or give it a new interface layer. Carriers do it too. A US cybersecurity company has released a report detailing 146 new Android security flaws detected in proprietary applications and services.
Although a vast majority of these services come from Asian manufacturers, some global heavyweights such as Samsung and Asus are also included in the report. What is worrying about this report is that these are pre-installed applications and services, so users cannot get rid of the code shipped on their phone. The cybersecurity company is called Kryptowire and was recruited by the US Department of Homeland Security.
Although the severity and scope of the bugs vary (and in some cases, the manufacturers dispute that they pose a threat), they illustrate an endemic problem for Android, a problem recognized by Google. “We wanted to understand how easy it is for a person to enter the device without the user downloading an application,” said Angelos Stavrou, CEO of Kryptowire. “If the problem lies in the device, it means that the user has no options.
As the code is deeply buried in the system, the user cannot do anything to remove the offending feature.” rendered harmless by the Android security framework.