{"id":22728,"date":"2018-06-11T09:00:40","date_gmt":"2018-06-11T13:00:40","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=22728"},"modified":"2019-11-15T06:36:00","modified_gmt":"2019-11-15T11:36:00","slug":"preinstalled-android-malware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/preinstalled-android-malware\/22728\/","title":{"rendered":"A good reason to avoid cheap Android smartphones"},"content":{"rendered":"

Having decided to buy an Android smartphone, one faces a crazy variety of choices. The number of manufacturers is growing, and there are thousands of opinions about which particular device to choose.<\/p>\n

Customers are so overwhelmed with all these choices that for most of them, price becomes the main \u2014 and sometimes the only \u2014 deciding factor. And that\u2019s where smartphones from less-known manufacturers come in: They promise the same features and quality for half the price of what well-known brands offer. Understandably, it\u2019s hard not to be attracted by these generous offerings.<\/p>\n

You know what, though? It\u2019s not that simple. Quite often, when you buy a smartphone like that, you also get some hidden extras \u2014 for example, some preinstalled malware<\/a>. Here\u2019s what\u2019s going on.<\/p>\n

<\/strong><\/p>\n

Trojan in a poke<\/h2>\n

<\/p>\n

Android\u2019s big advantage is that it\u2019s a very flexible mobile platform, which makes it popular among developers. Google develops the core software, but any manufacturer can customize it and fill a smartphone with its own native apps<\/a> to make its products stand out.<\/p>\n

Some of that native software is system apps \u2014 apps installed by the manufacturer in the \/system\/app or even the \/system\/priv-app (priv for \u201cprivileged\u201d) folder in an Android device, that cannot be uninstalled by the user. All well and good, but when you add a profit motive, the picture gets a bit murky.<\/p>\n

In theory, a manufacturer can fill the system\/app (or \/priv-app) folder with whatever it thinks customers might find useful. In practice, manufacturers use the opportunity to earn an extra buck, for example, by charging app developers to preinstall their apps. And sometimes, willingly or not, smartphone manufacturers fill the folder with malware.<\/p>\n

Preloaded malware can show you ads you can\u2019t avoid, or collect your personal data to sell to third parties \u2014 or combine the two intrusions, showing you ads based on that data. It all helps decrease the final price of the device. Nice business model!<\/p>\n

A preloaded Trojan that allowed criminals to overlay ads over the OS was found<\/a> on devices made by relatively big developers such as ZTE, Archos, Prestigio and myPhone. Another investigation found that OnePlus<\/a> and BLU<\/a> smartphones were preloaded with spying software that was collecting sensitive personal data and sending it to the manufacturers\u2019 servers.<\/p>\n

Funnily enough, most of the manufacturers we mentioned are listed as certified partners<\/a> on the Android official website. That means that preinstalling malware is becoming something of a common practice, and you can\u2019t simply rely on a well-known manufacturer\u2019s honor.<\/p>\n

<\/strong><\/p>\n

Buy \u2014 but verify<\/h3>\n

<\/p>\n

To minimize the risk of purchasing an infected device, or at least to identify a device that will show you advertising in practically every app and collect your personal data without your permission after the purchase, we highly recommend the following:<\/p>\n