Go to listing page

Top Chinese Android Vendors Ship Pre-Installed Malware in Smartphones

Top Chinese Android Vendors Ship Pre-Installed Malware in Smartphones
Over the last several years, Chinese Android mobile devices have gained a lousy reputation regarding user privacy. Heaping on that, a recent study revealed the existence of pre-installed malware in top-of-the-line Android mobile devices sold in China.

Study analysis: worrying depiction

Android smartphones from three of the most popular vendors in China—OnePlus, Oppo Realme, and Xiaomi—were analyzed by the experts. 
  • They revealed that several systems apps, vendors’ own apps, and third-party apps had unauthorized and unnecessary privileges that could affect a phone owner’s privacy.
  • The apps were capable of stealthily exfiltrating specific types of sensitive data from devices, including system info, phone numbers, app usages, GPS coordinates, network-related identifiers, social relationships, and call history - all without a user’s consent.
  • The data harvested would be collected by the device vendor and unrelated Chinese mobile network operators such as China Mobile and China Unicom.

Researchers, in their experiment, used static and dynamic code analysis techniques to study the network traffic and data transmitted by the pre-installed system apps.

Security risks multiplied

The study highlights the internal user data privacy risks faced by the world’s largest Android market. 
  • The number of pre-installed system apps on the Chinese OS distributions is three to four times more than the corresponding Global Android OS distributions from the same OS developers.
  • The preinstalled third-party apps on the Chinese OS distributions are given eight to 10 times as many permissions as on the Global Android OS distributions.

The bottom line

Globally, China’s stance towards data privacy has been debatable, as the recent data privacy laws sanctioned by China impose restrictions on private firms, but not state agencies. At the same time, the communication industry needs strict legislation towards maintaining privacy controls and security standards to keep device manufacturers in tandem with users’ privacy.
Cyware Publisher

Publisher

Cyware