Security firm Kryptowire claims that it has uncovered 146 vulnerabilities in pre-installed Android apps across 29 different vendors.
“To quantify the exposure of the Android end-users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning from low-end to flagship,” said Kryptowire.
“Utilizing Kryptowire’s automated firmware scanning tools we are able to provide up to date detection of these vulnerabilities as new firmware and devices are introduced into your organization.”
The vulnerabilities found by Kryptowire range from apps that can be used to install other malicious software to those that can modify system properties.
Samsung was the worst affected, according to Kryptowire’s findings, with 33 issues found pertaining to its devices. According to the report, other vendors that had many issues include ASUS and Xiaomi.
Google’s preventative measures
Google launched the Build Test Suite (BTS) in 2018, which scans all devices’ firmware for known security issues that may be hiding within pre-installed apps.
“Anytime BTS detects an issue we work with our OEM partners to remediate and understand how the application was included in the build,” said Google.
“This teamwork has allowed us to identify and mitigate systemic threats to the ecosystem.”
When asked by TechCrunch for comment on the Kryptowire report, Google said that it appreciates assistance from researchers.
“We appreciate the work of the research community who collaborate with us to responsibly fix and disclose issues such as these.”