At least 11 popular Android phones in the US come with security vulnerabilities
From all the devices the company examined, there were 25 in which security vulnerabilities were found and 11 of those are sold in the US. All problems were associated with apps that come preinstalled on the devices, and all of them were added either by the manufacturers or by mobile carriers. However, as we reported yesterday, Google itself isn’t always perfect when it comes to security either.
Here are some examples of the vulnerabilities the researchers from Kryptowire found:
The Essential Phone comes with a pre-installed app called “com.ts.android.hiddenmenu.” It could be accessed by any other app on the devices and be used to delete all information that’s on them, including photos, videos and other personal data.
Several ASUS phones: ZenFone 3 Max, ZenFone V, ZenFone 4 Max and ZenFone 4 Max Pro were allowing apps to install unwanted software that could potentially access text messages, Wi-Fi passwords and even make phone calls.
LG’s G6 smartphone had a vulnerability that would allow access to the kernel log. Although this one is less impactful, it can still be used to extract information about the device.
ZTE ZMAX Pro has a “feature” that could allow text messages to be tampered with and even sent without any knowledge of the user. Meanwhile, some apps that come with the ZMAX Champ could be used to force a boot-loop or a factory reset.
Kryptowire has informed all concerned manufacturers and mobile carriers about its findings. Some of the issues have already been fixed, while solutions for others are currently being prepared.
With thousands of different Android devices out on the market and hundreds of altered Android versions, the fight to fix security holes is a never-ending game of whack-a-mole.