Google's secret to a healthy phone? Remote-controlling your apps Google has claimed to have cut Android malware by half. Figures out of Mountain View this week suggest that the prevalence of PHAs (potentially harmful applications) found on Android 9 Pie devices is half the rate seen in its predecessor. Overall, this has fallen from 0.66 per cent in Lollipop to 0.06 per cent in Pie. The …
My neighbor brought me her new Android device she was given through the low income "Obama phone" program as it was exhibitting unusual behavior.
The phone was installing unwanted apps without any user intervention from a third party app host.
I found the culprit(s) to be the factory install "Gallery" application as well as the "OTA update" apps that were installing apps as they pleased.
Uploading the SHA256 sums to Virus Total confirmed that both were malicious with the OTA update app getting flagged by 38 different AV engines..
The phone itself was exhibiting rootkit-like behaviour in that there were many processes running hidden even from the system and logcat errors showed that it didn't recognize several of the processes which accounted for why there were very little processes shown when enabling developer tools.
Just out of curiosity I enabled Google's Play Protects full scanning option and Play Protect said everything was OK.
I did another scan several days later to see if Play Protect would flag any of the apps now that samples had been sent back to Google but the scans still showed all was well.
There is a chance that the Play Protect functionality could have been hampered by the rootkit-like functionality of the device however.
What was concerning to me was that the Google Chrome browser installed on the phone had a factory installed bookmark to the support forum of the wireless company that was distibuting these malicious phones and in the support pages themselves there were several users that had complained to the wireless company representatives including one user that had gone through many of the same checks as I had and posted his findings on the support site.
Representatives from the wireless company did acknowledge the complaints so it is a mystery to me why my neighbor was given one of the infected devices over 9 months after the date of the complaints on the support page hard-coded into the phones Chrome browser.
I tried reaching out to the wirelees company who then referred me to the manufacturer.
The manufacturer has an automated answering machine that refers users back to the wireless company.
It worries me to think of just how many of these dodgy phones are being handed out to the most vulnerable of American citizens.
Please stop perpetuating the myth of the "Obama Phone".
This program (that is still in affect under Trump and is called "Lifeline") started in the mid 1980s under Reagan, expanded in 1996 by Clinton and then updated again by Bush II to cover cellular devices.
In addition the program only covers monthly discounts on service, it does not directly pay for any devices. That said, if a provider who undertakes to deliver service under the program chooses to also give the end user a 'free' phone then there are no rules stopping it.
The FCC further refined the program in 2012 to reduce abuse and waste.
The term "Obama Phone" was created and used by the opposition at the time in an attempt to paint Obama as a president who just gave shit away at the taxpayers expense (which it never did), totally ignoring its roots in two separate Republican administration's.
Interesting note (and something that should be a surprise to no-one), some members of the GOP introduced a bill designed to curtail the Lifeline program; the totally misnamed "End Taxpayer Funded Cell Phones Act" (a lie because tax-payers don't finance the Lifeline program, it comes out the Universal Service Fund and, even if passed, the amount phone owners pay into that fund would not change). The bill got no-where.
So this is no no-more a "Obama Phone" plan than it is a "Trump Phone" plan (funny, no-one's said a bloody word about that).
But I digress.
I recently saw a similarly low-cost phone riddled with malware straight from the factory. Fortunately, it had been purchased by a member of my family for their young child, who could not figure out why it kept making a sound every five minutes though notifications were turned off and that sound wasn't even the sound for notifications. I couldn't figure that out either, but found enough malware that I saw it as my duty to confiscate the device, find a malware-free replacement in a closet, and remove the original from our collective misery.
For this device, the entry points of choice were a to do list app that had been installed in nonremovable fashion and of course the facebook app though probably only half of the malware in that was specifically facebook's fault. That thing was bashed enough times with a hammer before sent to recyclers. Die, unscrupulous android devices, die.
Of course this is the nature of Android. It's openness is that anyone can put it on anything and sell it at a stupidly low price point, subsidised by adverting. Even Amazon do this. People stupid enough to buy these devices, as too stupid to understand how subsidised devices work.
Don't confuse this entry level shite with a proper Android device from a reputable supplier that is part of the Google Play programme.
If I was simply using unwanted apps as an indicator of maliciousness, I would have a long list indeed with the phone I mentioned. I work in security, though not on android. The apps I mentioned were constantly phoning home to various servers that did not seem very happy about telling me what they did. The to do list app scanned as known malware. The facebook app did facebook things as far as I could tell, but did not seem to come from facebook and had a weird version number that I couldn't match with versions of facebook posted to google play. Convinced now?
Amidst these comments, would I be correct to identify a something was missed?
This article explicitly refers to devices using the latest version of Google Android (Pie/9).
There are limited devices which receive/use this operating system, and I wonder how many of the above comments apply.
"This article explicitly refers to devices using the latest version of Google Android (Pie/9)." .......
...... except for the first paragraph in the article which contrasts the malware issues with older versions.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
