Google has confirmed something many people long suspected this week, which was that Android malware was preinstalled on devices before shipment. Only a select group of Android devices were shown to have preinstalled malware, with the malware in question found in the Triada apps.
Google essentially performed a case study and was able to come to this conclusion pretty easily. Read on to learn more about the hackers and how they were able to get malware onto the some Android devices before they even shipped.
Android Malware Found Preinstalled on Devices Before Shipment
There is a family of apps out there known as Triada and this was nothing but malware. Triada apps would infect the Android device and put a ton of advertisements and spam on that device. Google has just confirmed that Triada apps were being preinstalled on Android devices before they were shipped out. Triada itself was able to figure out how to get onto these Android devices while still at the factory.
That means the Triada malware would be installed before the user even opened the box to their new Android device or installed any apps themselves. Triada was able to do this because it relied on many of the Android manufacturers not having the right skills.
The manufacturers needed to put all of the features on the Android device, but didn’t have the capabilities to do this in-house. These Android manufacturers would then use third-party vendors. The third-party vendors are who the hackers went after in order to get Triada malware onto the Android devices.
Google Admits Third-Party Vendors Used to Install Triada Android Malware
Google said that over-the-air updates also could be used and the updates were also useful in getting rid of Triada from those Android devices. The company stands by how it scans for malware and claims that this new way of installing Android malware was a result of killing off the malware in earlier forms through scans. The good news is that it’s unlikely any Android device you are using was affected by the Triada apps and associated malware.
While Google didn’t say which devices were impacted a Dr. Webb report from 2017 did offer some insight into those devices affected. The Nomu S20, Nomu S10, Leagoo M8, and Leagoo M5 are some of the known devices. It’s definitely troubling that a hacker would use these third-party vendors to get the Triada malware onto Android devices during the manufacturing process. There is a lot of technical sophistication behind this process and malware, which is the most worrying part about this report.
Do You Think Android Malware like Triada is Going to Continue Being an Issue for Google?
Google said that it’s highly important that Google Play Services continue to be on Android devices since Play Services offers features like in-depth scanning for malware. When you look at how the Android ROMs are used and work, third-party code is needed even when it’s a big company doing the manufacturing of those Android devices. There is a program called “Build Test Suite” which Google offers to all OEMs to allow them to scan for various malware such as Triada during the manufacturing process.
Do you think that Triada and other kinds of malware are going to continue to be a problem for Google and Android users in the future? We have told you about countless types of malware infecting Android over the years, and it appears the malware is still able to get through the layers of security Google implements.
What do you think Google can do or should do to help lessen the risk of malware getting onto Android devices? Since this malware is also now happening during the manufacturing process thanks to the use of third-party vendors, do you think it’s harder for Google to control? What steps are you hoping Google take in the future to help prevent these situations? Lastly, do you use any kind of anti-virus or malware protection on your Android device?