When you buy an Android smartphone, you rarely have installed a pure version of the Google operating system . Unless you buy a Pixel or a device from the Android One program , you will have to deal with mobile phones full of software and apps made by third-party developers who, on more than a few occasions, can be full of vulnerabilities.
In cases like these, all the safety precautions you can take and all the tools present within the operating system have virtually no value . The hackers will have an easy to exploit one of these vulnerabilities, even before you smartphone purchases. Thus, from the first power on, an attacker could be able to exploit these vulnerabilities and access information in the device’s memory.
A more frequent scenario than you can imagine. Kryptowire, a company active in the field of information security, has just released a report on vulnerabilities inherent in the Android firmware funded by the US National Security Department. From this report it appears that the devices of as many as 29 manufacturers – most of them Chinese, but there are also several big names – are affected by 150 vulnerabilities, some of which are quite dangerous.
Android vulnerabilities more dangerous than the infected apps: what can happens?
As pointed out in the Kryptowire report, the vulnerabilities discovered in the apps pre-installed on smartphones are much more dangerous than the infected applications in the Play Store . The reason is easy to say: these last apps, in the vast majority of cases, can be removed and, with them, also the vulnerability or the malware they carry with them. The so-called bloatware, on the other hand, are installed at the operating system level and can hardly be deleted by the user. Even if the factory settings were to be reset , the system app vulnerability will still be reinstalled in the device. In short, a problem apparently without solution.
Which smartphones are in danger
According to the Kryptowire report, as many as 29 smartphone manufacturers are delivering devices with vulnerabilities of all kinds into their customers’ hands. Most of the devices made and sold by these producers contain these bugs and, as seen a little above, there is very little that users can do.
In the list we find little-known producers like Advan, Allview, Evercross, Tecno and Walton, but also brands of the level of Xiaomi, Asus, Samsung and Sony . Adding the devices sold during the year only by these four producers easily exceed 130 million devices in 2019 alone . Potentially, there are hundreds of millions, if not billions, of smartphones at risk . A danger far beyond what any infected app on the Play Store can potentially reach.