Until recently, the threats posed by preinstalled applications have been overlooked by Android security researchers. While preinstalled apps have long been regarded as a nuisance or “bloatware” by consumers, they represent a genuine security risk to high threat mobile users (users that may be targeted by nation-state actors including government employees).
Many commercial Android smartphones ship with hundreds of preinstalled apps. These apps are developed by OEMs, mobile operators, and a wide range of application developers and are “preinstalled” by Android OEMs on smartphones coming out of the factory. Like apps distributed via app stores, pre-installed apps also incorporate software libraries developed by an even broader range of third parties, with some devices containing up to 2,000 “preinstalled libraries.”
Pre-installed apps represent a real security risk because:
- They have been found to contain vulnerabilities that can be leveraged by malicious third parties (e.g., to install apps, to record audio, to modify system properties, etc.),
- Many of the third-party libraries embedded in preinstalled apps are provided by ad networks, analytics services, or social network providers. These libraries leak sensitive data and meta-data to the provider and their customers,
- They are difficult to reverse engineer and analyze for security threats,
- The developers of preinstalled apps and third-party libraries are often difficult to ascertain, and
- Preinstalled apps can only be removed by: (1) rooting the device and re-flashing the system partition, or (2) an OEM firmware update.
In fact, Google noted in its “Android Security and Privacy, 2018 Year in Review” that attackers have increased their efforts to attack Android devices via (1) preinstalled apps and (2) preinstalled apps bundled with firmware updates. Google believes that the drivers for this increased effort are:
- An attacker only has to deceive one supply chain participant, rather than a large number of users, to broadly distribute an attack,
- Preinstalled apps are often granted privileged access to the Android operating system making it easier to execute malicious behavior that would otherwise be blocked by the Android permissions model, and
- Improvements in Android security have made make it more difficult to implement standard cyber-attacks (e.g., remote code execution and privilege escalation attacks).
altOS is a secure mobile platform for government users that eliminates the threat posed by preinstalled apps. This is accomplished by:
- Replacing the OEM customized version of the Android operating system on smartphones with one developed by CIS Mobile specifically for high threat mobile users. In doing so, we can eliminate any pre-installed apps that were present on the device, and
- Providing security updates and an on-premise OTA update server that enables our customers to directly control and distribute updates to their devices rather than relying on and trusting Android OEMs to provide updates without preinstalled apps or other potential supply chain attacks.
In addition to eliminating preinstalled apps on devices, altOS provides a wide range of additional benefits, including embedded device and container-level management, anti-forensic capabilities, and the flexibility to address a variety of mission-specific functional and security requirements.