Buying a new Android phone is an exciting experience. You can enjoy the new features and new apps on it. Brand new Android mobile phones cost a lot, especially the high-end ones, so you want something that would be a good value for your money. Unfortunately, Google revealed that millions of shiny, new Android phones that have been released in the market are pre-installed with dangerous malware.
There have been several previous warnings about harmful apps being downloaded by users from the Play Store, but this security issue is more serious and more dangerous than the previous instances. Because users are buying a brand new, boxed product, they expect it to be clean and safe. Nobody expects a newly-purchased phone to be laden with viruses and other harmful pieces of software.
Google Warns About New Android Phones Shipped with Malware
Project Zero, Google’s own security research team, found out that millions of new Android phones in the market are loaded with pre-installed malware that can download other harmful software in the background, play annoying ads, steal the user’s money and sensitive information, or even hijack the device.
As an open-source community, Android is a great venue for innovation as it encourages developers to contribute to the growth of the system. But some malicious entities are taking advantage of this setup to hide malware among basic apps that come with boxed devices. According to Maddie Stone of Project Zero, mobile devices come with up to 400 factory-installed apps, most of which are bloatware that users often ignore, thinking that they are part of the operating system.
The problem here is that users are not aware that malware is already installed on their devices. By the time they notice something, it’s already too late. And according to Project Zero, pre-installed malware can do more damage than malware downloaded during regular use.
What Types of Malware Are Hidden Among Pre-Installed Android Apps?
Researchers from Project Zero warned against two particularly virulent malware families: Chamois and Triada. Over the past three years, Google has found these two malware campaigns to be linked to the pre-installed apps on Android devices. Chamois is responsible for generating various cases of ad fraud, installing background apps, downloading suspicious plugins, and sending text messages from the device. Chamois has been found installed on almost 7.4 million Android devices that are meant to be shipped out to stores. Triada, on the other hand, is an older variant of Chamois that also displays pesky ads and installs apps in the background.
Which Android Phones Are Affected?
Google did not disclose which brands of Android phones have pre-installed malware, but more than 200 device manufacturers failed the security test, which means that their devices are vulnerable to attacks. Android-badged devices, such as Samsung and Google phones, are generally safe from this security risk, but the same can’t be said about low-end smartphones running on the Android Open Source Project (AOSP). AOSP uses cheaper software alternatives to keep the price down, compromising quality and security in the process.
Attackers usually offer a genuine service, then hide the malware in the apps that they offer. Attacking the supply chain gives the attacker easier access to devices because they only have to convince one company to add their app, instead of attacking the users one by one. It is also more effective because users are generally more vigilant against possible malware that they download, not knowing that the phones in the market are already infected, which makes it a scarier prospect.
For the past 12 months, Google has been working with manufacturers to test and screen new phones for vulnerabilities. From March 2018 to March 2019, the screening effort reduced Chamois infections from 7.4 million to 700,000. It is going to take a lot of work and time to resolve this security issue since Android is a huge community. It would take a concerted effort between Google, the phone manufacturers, and the users to completely get rid of pre-installed malware on Android phones.
How to Remove Malware from Infected Android Phones
When you notice ads popping up out of nowhere (which won’t go away no matter what you do), or you see apps and plugins that you don’t remember installing, then your new phone might be infected with malware. The traditional advice of using an anti-malware app will not work against this new form of attack because the malware has already been installed on your phone before being sold.
Being vigilant about the websites you visit and the apps you download will not help get rid of the malware that has been on your system since day one. Plus, pre-installed apps that are bundled with the operating system are harder to remove compared to regular apps.
So, if you think the phone you just bought is already infected, follow the steps below in order to remove the factory-installed malware:
Step 1: Root Your Device.
Unlike ordinary apps that can be deleted by the regular uninstall process, you need to root your device first to be able to delete pre-installed apps. Rooting your device is a complicated process, so don’t try this if you’re not comfortable with the process or you don’t want to void your warranty. The rooting process varies per manufacturer and device model, so there is no generic step-by-step process on how to do it. But generally, the rooting process is composed of the following steps:
- Unlocking your phone’s bootloader
- Flashing a new recovery to replace your old system recovery
- Flashing custom software that will give you root access to your device
Step 2: Backup Your Files.
You need to be prepared in case something goes wrong in any step of the process. Create a backup of your data before proceeding with the malware removal process, so you have something to fall back on if an accident happens. To create your backup, clean up your system first with an Android cleaner app and copy all important files to the cloud or to a backup SD card. You can also use a third-party app to make the backup process a lot easier. Make sure your backup is secure because that will be your life-saver when something happens during the malware removal.
Step 3: Use Bloatware Removal Tools.
There are many bloatware removal utilities on the market today, but the three most popular options are Titanium Backup, NoBloat Free, and System App Remover. Titanium Backup helps you back up your files and uninstall apps, both pre-installed and downloaded from Google Play. NoBloat Free works just like Titanium Backup, except that you can back up your system apps and restore them if you need to. System App Remover, on the other hand, gives you the option to uninstall your apps or move them to your SD card. Depending on the type of removal that you need, all you have to do is install the bloatware removal tool that you prefer to get rid of the pre-installed malicious app.
Step 4: Install a Custom ROM.
If you don’t want to use bloatware removal tools, another option is to flash a custom ROM. However, this requires more work because you need to find out which ROM will fulfill your needs. But once you do, you’ll be left with a stripped-back version of the Android OS that you can completely control.
After getting rid of the malicious pre-installed app, you might need to scan your system for leftover files associated with the malware. These files are usually difficult to access, so you need to use an Android cleaner app to sweep your system clean.
Tips to Prevent Malware from Infecting Your Device
Pre-installed malware on mobile phones is impossible to guard against because the device has been infected since day one. To minimize the chances of buying an infected mobile device, here are some tips you should keep in mind when shopping for your phone.
- Buy from legitimate sellers. Purchase your device only from official or highly-rated sellers. Stay away from shady deals to avoid getting an infected phone. If you’re buying online, check out the reviews and the official website of the online shop.
- Buy from Android-badged brands. Lower-end Android manufacturers rely on cheaper software that might be infected by malware. Android-badged brands, such as Samsung, LG, and Google Pixel, are generally not affected by this issue. So, if you have the budget and you want to stay away from malware-infected devices, you might want to invest in a device from any of these brands.
- Check the pre-installed apps on the device. Before you buy the phone, open the app drawer and see which apps are already installed. The pre-installed apps vary per manufacturer, but you’ll generally see Google apps and apps from the manufacturer. If you see a suspicious app included, you might want to choose another phone.
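The app drawer only shows apps with a launcher icon, so the check in the last tip is more complete when done from a computer. The following Python script is an added example, not part of the original article: it parses the output of `adb shell pm list packages -s -f` (the system package list with APK paths) and flags packages outside an expected vendor namespace. The prefix list and the sample output are constructed assumptions for illustration.

```python
from collections import defaultdict

# Assumption: illustrative prefixes for a Samsung-branded phone; edit per manufacturer.
# A matching prefix is not proof of legitimacy, it only narrows what to review by hand.
EXPECTED_PREFIXES = ("com.android.", "com.google.", "com.samsung.", "com.sec.")
EXPECTED_NAMES = {"android"}

# Apps under a priv-app directory can be granted privileged permissions,
# so unexpected packages there deserve the first look.
PRIVILEGED_MARKER = "/priv-app/"

# Constructed sample of `adb shell pm list packages -s -f` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/framework/framework-res.apk=android
package:/data/app/~~Qx1a==/com.google.android.gms-9Zk2==/base.apk=com.google.android.gms
package:/system/priv-app/FotaHelper/FotaHelper.apk=com.example.fota.helper
package:/system/app/WeatherWidget/WeatherWidget.apk=com.example.weather
package:/vendor/app/Tuner/Tuner.apk=com.example.tuner
"""


def parse_pm_line(line):
    """Return (apk_path, package_name), or None for lines that are not package entries."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Split on the LAST '=': paths of updated system apps can contain '=' themselves.
    path, sep, name = line[len("package:"):].rpartition("=")
    return (path, name) if sep and name else None


def triage(pm_output):
    """Group unexpected system packages into 'privileged' and 'ordinary' lists."""
    report = defaultdict(list)
    for line in pm_output.splitlines():
        entry = parse_pm_line(line)
        if entry is None:
            continue
        path, name = entry
        if name in EXPECTED_NAMES or name.startswith(EXPECTED_PREFIXES):
            continue
        level = "privileged" if PRIVILEGED_MARKER in path else "ordinary"
        report[level].append(name)
    return {level: sorted(names) for level, names in report.items()}


if __name__ == "__main__":
    for level, names in triage(SAMPLE_PM_OUTPUT).items():
        print(f"{level}: {', '.join(names)}")
```

Packages that the script flags are candidates for manual review, not confirmed malware; look each one up before removing it.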
Pre-installed malware on brand new Android phones is a worrying issue because users are unaware that their phones are already infected upon purchase. However, it is not totally unavoidable. Just follow the tips above when shopping for a new mobile phone to stay away from malware-laden devices. But if you’ve already purchased an Android phone with factory-installed malware, rooting your device and using a bloatware removal tool or a custom ROM should help you get rid of the malicious app.