Android users are well aware of the number of apps that come pre-loaded with a brand new phone and most of these apps stay unused throughout its lifetime. Another major reason why these apps are left as such by the users is because it is often hard for the users to remove it and they rarely get updated.
Recently, security researchers conducted a study on several phones and found that many of these apps turn out to be vulnerable. The U.S Department of Homeland Security has been funding the security firm Kryptowire to study the security shortcomings and run tests on 29 different mobile vendors. Note that, majority of these vendors are not mainstream but there are few big names like Samsung, Asus, and Sony.
A dozen security vulnerabilities were revealed by the security firm, including apps that can install other apps, tools that can record audio and even apps that can affect your system settings. Also, many of these vulnerabilities can only be triggered if these pre-installed apps are present in the system.
According to Wired, Google is quite aware of the vulnerabilities and had launched a program called Build Test Suite (BTS) last year that all partner OEMs must go through. BTS works by scanning the firmware of a device and look for any potential threats or security issues amongst the pre-installed apps and flags any bad app as Potentially Harmful Applications (PHA’s).
But Google is alone in this fight and a single automated system has its limitations when it comes to catching such applications. Whenever a threat sneaks into the system, there’s no assurance that a security patch will ever arrive in the case of these low-end devices.