Google has made significant progress in removing malware from the Play Store, but a recent Black Hat presentation from a Google Project Zero researcher has highlighted the fact that many devices come with malicious pre-apps. -installées.
Maddie Stone, who previously worked for the Android security team and is still part of Project Zero, revealed that it is almost impossible for users to defend themselves against malware pre-installed on their devices.
Android devices now come with 100 and 400 apps and a cybercriminal only needs to subvert one of these apps to infect a device before it even falls into the hands of ################## ################################################### ################################################### # 39, a consumer.
This problem has become particularly problematic on cheaper smartphones using the Android Open Source Platform (AOSP), as opposed to the licensed "Android" version of Android used by major brands.
Supply chain security.
Stone pointed to several cases found during his work with the Android security team, including an anti-fraud botnet called Chamois, capable of infecting at least 21 million devices by 2016.
This malware was more difficult to overcome than expected, as Google realized in March 2018 alone that the malware was pre-installed on 7,4 million affected devices. The company has managed to reduce the number of pre-installed chamois to one-tenth of this level by 2019, but other supply chain security issues have also been identified.
For example, 225 device manufacturers left diagnostic software on your device that provides remote access through the back door, changed the Android Framework code that allows spyware-level logging, or installed applications that were configured to bypass security. Of the device. Google Play Protect. Although some supply chain security issues were inadvertently reported, the threat was dangerous enough that Google assigned a CVE number and released a kink prevention review earlier this year.
According to Stone, it is much more difficult to solve the problem of malware in the supply chain than to remove unwanted applications from the Google Play Store, because detection must be lower than that of traditional security applications. Now that this question has been cleared up, Stone would like further third party research on this level of software.