There’s a flow of Android malware that those who settle for pretend iPhones cannot defend themselves against: malicious apps that have been factory pre-installed, according to a Black Hat presentation by Google Project Zero researcher Maddie Stone.
It starts with the sheer number of apps that now come with Android devices out of the box – somewhere between 100 and 400.
Criminals only need to subvert one of those, which has become a particular problem for cheaper smartphones using the Android Open Source Platform (AOSP) as opposed to the licensed ‘stock’ Google version that powers better-known brands.
She cited several instances encountered while doing her old job on Google’s Android Security team, including an SMS and click fraud botnet called Chamois which managed to infect at least 21 million devices from 2016 onwards.
The malware behind it proved harder to defeat than anticipated, in part because the company realised in March 2018 that in the case of 7.4 million devices the infection had been pre-installed in the supply chain.
MacDailyNews Take: The toxic hellstew roils unabatedly. Google’s “Android Security” team is a comical oxymoron right up there with “Microsoft Works.”
[Thanks to MacDailyNews Reader “theloniousMac” for the heads up.]