
from the no-money-in-fixing-the-problem dept.
Pre-installed apps on low-end Android phones are full of security holes
In what has become an annual reckoning, security research company Kryptowire recently published its 2019 report on the state of manufacturer-installed software and firmware for Android devices and, to no one's surprise, they found more than 140 bugs which could be exploited for malicious purposes.
The DHS-funded report uncovered 146 apps that come pre-installed on inexpensive Android handsets and would pull shenanigans like eavesdropping through the microphone, unilaterally changing their permissions or surreptitiously transmitting data back to the manufacturer without ever notifying the user.
Kryptowire found these bugs on phones from 29 different manufacturers, from relative unknowns like Cubot and Doogee to marquee companies including Sony. And given that the average Android comes with anywhere from 100 to 400 apps pre-installed, often bundled as part of larger app suites, these vulnerabilities pose a growing threat to users.
(Score: 2) by ikanreed on Monday November 18 2019, @04:54PM
"Only we can preinstall security holes into your phones"
(Score: 2) by Freeman on Monday November 18 2019, @05:03PM (1 child)
You get free infection vectors that you can't uninstall, are totally useless and we won't keep up to date. Enjoy!
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1) by fustakrakich on Monday November 18 2019, @05:43PM
Makes for the perfect burner phone for traveling. Don't ever put your real name on it.
Politics and criminals are the same thing..
(Score: 4, Interesting) by jmichaelhudsondotnet on Monday November 18 2019, @05:08PM (3 children)
A black box device by definition cannot be secured by the user to whom it is nothing but a black box.
Low end black box, high end black box, you cannot secure it because you not only do not understand it, but are not allowed to understand it.
Powerful devices that are poorly understood very frequently hurt people.
These 'phones' are hurting people. Calling a modern 'smart' phone a phone is very misleading, you don't know what the device is capable of, so you not only do not know what the device is named, you couldn't figure it out if you had a year to try.
This just demonstrates very well the mathematical logic laid out in this essay I wrote on the topic, consider,
https://jmichaelhudson.net/smart-phones-and-wild-bears-2/ [jmichaelhudson.net]
Equations are at the bottom. To my knowledge I discovered them, if I am mistaken I would like to find out sooner rather than later.
(Score: 1, Informative) by Anonymous Coward on Monday November 18 2019, @05:27PM (1 child)
Some people, who care enough to try, are figuring them out. It doesn't appear to take a year, either. Given the resources are in place, and ready to be used, it seems to take a couple days to capture data, then a couple weeks to interpret and test the data, then some time to publish and circulate the data.
(Score: 2) by jmichaelhudsondotnet on Tuesday November 19 2019, @02:16PM
Are they hiring lol
I feel the need, the need for auditing!
(Score: 2) by krishnoid on Monday November 18 2019, @06:58PM
The impossible? Like, mail the corporate headquarters for all these carriers with the list of vulnerabilities and say they're knowingly distributing exploitable software on a freshly delivered phone to their customers, and:
(Score: 1, Insightful) by Anonymous Coward on Monday November 18 2019, @05:23PM
That's why they were installed and uninstallation was disabled in the first place.
(Score: 4, Informative) by Snotnose on Monday November 18 2019, @05:23PM (5 children)
Delete undeletable apps [xda-developers.com]. I used it to get Facebook off my phone.
Sad we have to resort to such things, yet here we are.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 2) by Freeman on Monday November 18 2019, @06:40PM (4 children)
The link in your post says without root, but it definitely requires a rooted Android phone.
https://forum.xda-developers.com/apps/l-speed/tweak-l-speed-v1-0-02-02-2015-t3020138 [xda-developers.com]
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by Snotnose on Monday November 18 2019, @06:47PM (3 children)
I didn't need to root my phone to delete Facebook.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 4, Funny) by krishnoid on Monday November 18 2019, @06:53PM (1 child)
Facebook app: "Right, I'll delete myself right now. Thanks for trying me out! I'm all gone now, totally not here anymore!" <puts on mustache and glasses> <offers plate of supercookies to all other apps>
(Score: 2) by Snotnose on Tuesday November 19 2019, @01:09AM
I fail to see your point. 3 phones ago I was annoyed FB was taking up space that was advertised as mine. Last phone I tried to delete it and couldn't. Fast forward to a cat pushing a phone from a stack of library books into a cuppa tea, and me focusing on the cat instead of the phone.
Last phone was an LG Power X, and after several weeks I wish I had that phone again.
New phone is a Samsung A20, I still wish I had my LG phone, but I did manage to delete the Facebook app. Something I could never never do on my LG phone.
It's been 3-4 weeks, and $200, but I really wish that A) my cat had not knocked my phone into my cuppa tea; B) Not having FB on my phone, disabled or not, is a fucking thing I would pay $200 for.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 0) by Anonymous Coward on Monday November 18 2019, @11:54PM
Lucky old you....
Ok, so I've also been in that happy position *once*, every other time, it's been marked as a system app and has required me to root the phone to remove it.
As a.n.other poster points out, removing the app isn't actually removing Facebook's tentacles from your phone..it's amazing how 'chatty' to FB domains a 'FB free' phone can be...if the firewall lets it, that is...