If you’ve bought a new smartphone sometime in the past ten years, you know that it comes with pre-installed apps that you can’t actually delete. They take up space on your phone, half the time you don’t use them and, more likely than not, you just want most of them gone.
Unfortunately, those apps are more than just a nuisance. They could actually pose a huge security threat.
TechCrunch recently reported that, according to a study done by mobile security app company Kryptowire, those pre-installed apps have huge security holes that leave you vulnerable to many different kinds of hacks. The study, funded by the US Department of Homeland Security, tested twenty-nine different vendors’ mobile phones. What they discovered were 146 common vulnerabilities and exposures, or CVEs.
Also of note: Many of the vendors were less well-known names, but other larger companies made the list. Asus and Samsung actually topped the list as two of the more vulnerable device options.
So, what are the vulnerabilities?
The 146 vulnerabilities were separated into seven categories: System Properties Modification, Wireless Settings Modifications, Command Execution, AT Command Execution, App Installation, Audio Recording and Dynamic Code Learning. All of these technical phrases boil down to this: Someone is able to make changes to your phone remotely, take data off your phone and record you without your permission.
How are the vulnerabilities happening?
You’re actually not necessarily aware of all of the pre-installed apps that your Android device has. According to a Google researcher, as stated in the organization’s 2018 Android security report, most Android devices today come with anywhere between 1oo to 400 pre-installed apps. The problem with this is not necessarily the number of apps, though it’s a lot. It’s that those apps weren’t necessarily made by the same company who made the device.
So, let’s say that Asus is working with an outside company to produce an app that will go into every phone that an Asus user buys. Asus is giving that outside company leeway as to how that app can act on the phone by allowing things like automatic updates. This might never be an issue, but it also may just as well be that the app producer might not have the best intentions at heart — and that automatic download that just happened may have allowed them access to your microphone.
Is there anything you can do about it?
Free access to your phone is a frightening thought. It puts you and your sensitive data in jeopardy. And while some people may say that the best way to get rid of your security risks is to get rid of your Android, that truth is that your biggest alternative, Apple devices, had a terrible year in terms of security as well.
If you’d like to stay an Android user, here’s a few things that you can do to protect yourself:
- Delete any apps that you are able to delete. This includes any pre-installed apps that you’re allowed to delete. Also, stop downloading apps as much as possible and thoroughly vet all apps you do need. Some apps that you get from places like the Google Play store have been shown to be data harvesters.
- Use your VPN. A VPN can encrypt your internet connection, which can help keep your data private.
- Try using a (vetted) add-on to your browser to protect yourself from malware.
- Secure your settings as best as possible. The settings that your phone comes will may allow unwanted changes.
- For messages that you don’t want others to see, considered getting an encrypted messaging service, like Signal.
Stay safe out there, Androids!
JackieMichele is writer and marketer living in the San Francisco Bay Area. Her work has appeared on Yahoo, Food and Wine and the Huffington Post. She’s been an editor, an influencer strategist and ghostwriter, a librarian and a teacher. Follow her Instagram at @jackie_gualtieri and contact her via firstname.lastname@example.org.