The Enemy within – Bloatware

The Enemy Within

You are already aware of security threats such as viruses and malware; these threats are almost always handled by Google's security framework. But I am going to talk about a different kind of security threat that you should be aware of. Below I explain certain kinds of attacks on users' privacy and data.

OEM pre-installed apps

Most of the time the attack comes not from outside but from inside. OEMs pre-include many apps and services (some of them hidden) that can silently steal data and personal information from your device. Many of these pre-included applications and services also make the system vulnerable, as bugs in such apps can be exploited to give malware system privileges. Our aim is to make users aware of this type of stealth attack placed inside their devices.

OEM Partner / 3rd-party Apps

OEMs make money by including 3rd-party and network-operator apps on the device, but the user has no idea which permissions these apps use or what security issues are involved. These apps are not in the Play Store, so it is very difficult to get feedback from other users; e.g., see this link: Pre-installed malware.

System-signed apps available in the Play Store

OEMs can system-sign an app, and the app can then be distributed through the Play Store. Apps of this kind can get system permissions without any user acceptance. The screenshot below shows that the TeamViewer app installed from the Play Store has been granted system permissions. You can see that this application has the INJECT_EVENTS system permission, and with this permission the application can do many dangerous things, like sending messages, making calls, and stealing personal data. (We are not saying that the TeamViewer app does this; we are just showing the potential problem with system-signed apps in the Play Store.)

How can you identify threats and take action

Popular apps such as package info allow you to identify apps that have dangerous permissions.

Once these permissions are identified, you can go to Android settings to disable them.
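
The same identification step can be scripted for auditing. The following is an added example, not part of the original article: it parses text in the layout of `adb shell dumpsys package` and reports which packages hold a watched permission and whether they are preinstalled. The sample dump, the package names, and the watch list beyond INJECT_EVENTS are constructed assumptions.

```python
import re

# INJECT_EVENTS is named on the page; the other entries are assumptions.
WATCHED = {"android.permission.INJECT_EVENTS", "android.permission.READ_SMS",
           "android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
PREINSTALL_DIRS = ("/system/", "/system_ext/", "/product/", "/vendor/")

# Constructed, simplified sample in the layout of `adb shell dumpsys package`.
SAMPLE = """\
Packages:
  Package [com.example.oem.helper] (1a2b3c):
    codePath=/system/priv-app/OemHelper
    flags=[ SYSTEM HAS_CODE ]
    install permissions:
      android.permission.INJECT_EVENTS: granted=true
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ SYSTEM_FIXED ]
        android.permission.CALL_PHONE: granted=false
  Package [com.example.remote] (4d5e6f):
    codePath=/data/app/com.example.remote-1
    flags=[ HAS_CODE ]
    install permissions:
      android.permission.INJECT_EVENTS: granted=true
  Package [com.example.notes] (7a8b9c):
    codePath=/data/app/com.example.notes-1
    install permissions:
      android.permission.INTERNET: granted=true
"""

def audit(dump):
    """Map each package holding a watched permission to its findings."""
    report, pkg = {}, None
    for line in dump.splitlines():
        s = line.strip()
        if m := re.match(r"Package \[([^\]]+)\]", s):
            pkg = report.setdefault(m.group(1), {"preinstalled": False, "granted": []})
        elif pkg is None:
            continue
        elif s.startswith("codePath="):
            pkg["preinstalled"] |= s[len("codePath="):].startswith(PREINSTALL_DIRS)
        elif m := re.match(r"(?:pkgFlags|flags)=\[(.*)\]", s):
            pkg["preinstalled"] |= "SYSTEM" in m.group(1).split()
        elif m := re.match(r"([\w.]+): granted=true", s):
            if m.group(1) in WATCHED and m.group(1) not in pkg["granted"]:
                pkg["granted"].append(m.group(1))
    # Watched grant with preinstalled=False: the system-signed Play Store case.
    return {name: info for name, info in report.items() if info["granted"]}
```

A package reported with `preinstalled` false but INJECT_EVENTS granted matches the system-signed Play Store case described above and deserves a closer look.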

Another common practice is kiosking the mobile device using software. Kiosk software creates a lockdown mode in which no other applications can be installed. Android Kiosk is very commonly used in B2B.

A cloud-based EMM kiosk is a more recent approach, where the kiosk is achieved remotely using a dashboard with few apps; this is commonly known as a Dashboard Kiosk.