The Dangers of Preinstalled Applications on Android

The Dangers of Pre-installed Applications on Android

The Dangers of Preinstalled Applications on Android

Until recently, the threats posed by preinstalled applications have been overlooked by Android security researchers.  While preinstalled apps have long been regarded as a nuisance or “bloatware” by consumers, they represent a genuine security risk to high threat mobile users (users that may be targeted by nation-state actors including government employees).

Many commercial Android smartphones ship with hundreds of preinstalled apps.  These apps are developed by OEMs, mobile operators, and a wide range of application developers and are “preinstalled” by Android OEMs on smartphones coming out of the factory. Like apps distributed via app stores, pre-installed apps also incorporate software libraries developed by an even broader range of third parties, with some devices containing up to 2,000 “preinstalled libraries.”

Pre-installed apps represent a real security risk because:

In fact, Google noted in its “Android Security and Privacy, 2018 Year in Review” that attackers have increased their efforts to attack Android devices via (1) preinstalled apps and (2) preinstalled apps bundled with firmware updates.  Google believes that the drivers for this increased effort are:

altOS is a secure mobile platform for government users that eliminates the threat posed by preinstalled apps.  This is accomplished by:

  • Replacing the OEM customized version of the Android operating system on smartphones with one developed by CIS Mobile specifically for high threat mobile users. In doing so, we can eliminate any pre-installed apps that were present on the device, and
  • Providing security updates and an on-premise OTA update server that enables our customers to directly control and distribute updates to their devices rather than relying on and trusting Android OEMs to provide updates without preinstalled apps or other potential supply chain attacks.

In addition to eliminating preinstalled apps on devices, altOS provides a wide range of additional benefits, including embedded device and container-level management, anti-forensic capabilities, and the flexibility to address a variety of mission-specific functional and security requirements.

Share this post