Toxic Hellstew: 146 new vulnerabilities all come preinstalled on Android phones

Brian Barrett for Wired:

When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew of preinstalled software and vanilla Android sometimes turns out to be rancid, putting flaws and vulnerabilities on the phone before you even take it out of the box. For proof of how bad it is, look no further than the 146 vulnerabilities — across 29 Android smartphone makers — that have just been simultaneously revealed.

Yes, that’s 146, all discovered by security firm Kryptowire and detailed one by one in a new gargantuan disclosure. Most of the implicated companies operate primarily in Asia, but the list includes global heavyweights like Samsung and Asus as well.

The vulnerabilities Kryptowire turned up, in research funded by the Department of Homeland Security, encompass everything from unauthorized audio recording to command execution to the ability to modify system properties and wireless settings… It’s one thing if you fall for a shady Fortnite download. At least that was a choice you made, and you can also uninstall it. The vulnerabilities Kryptowire found are often preinstalled at a system level, with no way to purge them from your device.

MacDailyNews Take: If it’s not an iPhone, it’s not an iPhone. It’s a knockoff assembled by a South Korean dishwasher maker or worse.

[Thanks to MacDailyNews Reader “TJ” for the heads up.]

5 Comments

  1. Exchanging “Windows” for “Android” and the story seems familiar.

    To no disrespect to any readers using Android, but people buy this stuff…for what reason besides price?

    1. Not sure price has much to do with it! Samsung folding phone $2500….lol Old style thick looking flip phone coming from from Motorola is $1500. iOS 13 helps free you from the Apple prison.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.