Researchers Discover Leaks In Pre-Installed Android Apps [News]

Ads by Google

android virus sickYou may have heard about a recent surge in Android malware. Still, that malware comes in the form of apps. So long as you watch your permissions, you’re fine. Right?

Wrong. Every Android phone comes with some pre-installed apps, and some more than others. A group of researchers at North Carolina State University were interested to know if these apps, which often can’t be uninstalled by the user, contain security flaws. Eight phones were tested including three from HTC (Legend, EVO 4G, Wildfire S), two from Motorola (Droid and Droid X), the Samsung Epic 4G and Google’s Nexus One/S.

All of the phones were found to have security issues due to pre-installed apps. The most serious of these flaws are capability leaks that allow third-party apps to exploit an interface or service in use by another app without making a permission request of its own. Researchers found it would be possible for malware to wipe out data, send SMS messages, and obtain geo-location data by exploiting pre-installed apps.

What can you do to protect yourself from this threat? The researchers don’t provide any help there, though to their credit, they did contact the companies whose phones they exploited in an attempt to provide them with information.

Since these pre-installed apps often can’t be uninstalled by default, the only complete solution is to root your phone and install a custom ROM. However, as the researchers note in their paper, there is no reason why third-party apps could not contain the same flaws they found in the pre-installed apps they researched.

Ads by Google

If you’d like the full story, the paper is currently public. Just be warned – it’s not written for the layman.

From the Web

3 Comments - Write a Comment


Peter Yagmin

I wouldn’t say installing a custom ROM is the ONLY way. If you root your device, you can easily use something like Titanium Backup to freeze or remove bloatware. I do however become concerned with ANY app that requests unnecessary permissions. 

To touch on the other point of Android malware – that’s been completely overblown. You can read my thoughts about that at



It’s sad you have to do something that technically voids your warranty in order to get rid of this crap.


second that

Your comment