Kryptowire found 146 new vulnerabilities in pre-installed Android apps

In a study funded by the US Department of Homeland Security, Kryptowire found a serious security risk from pre-installed applications on cheap Android smartphones. These apps have potentially malicious activity, may secretly record audio, change settings without the user’s permission, or even grant new permissions to themselves.

With the help of new tools, Kryptowire was able to scan for vulnerabilities in the firmware without touching the phone’s body. In the end, 146 security risks were found on the Android devices of 29 manufacturers. When asked about a software security survey specifically for cheap Android devices, Kryptowire CEO Angelos Stavrou explained in an email that this has a direct bearing on Google’s attitude toward product management.

Google can demand more thorough code analysis and vendor responsibility for their software products that enter the Android ecosystems,” Stavrou said in an email. “Legislators and policy makers should demand that companies are accountable for putting the security and personal information of end-users at risk.”

In response, Google also said in an email that “We appreciate the work of the research community who collaborate with us to responsibly fix and disclose issues such as these.”