Secure Your Android By Disabling Vendor Customized Apps
No matter how careful you are downloading only secure apps onto your mobile, your vendor may have already provided some insecure apps by design, says new research.
In a paper, The Impact of Vendor Customizations on Android Security, researchers Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, and Xuxian Jian all from the Department of Computer Science at North Carolina State University looked at ten stock Android images from various manufacturers. Their conclusions are troubling. They write "our results show that on average 85.78% of all pre-loaded apps in examined stock images are overprivileged with a majority of them directly from vendor customizations. In addition, 64.71% to 85.00% of vulnerabilities we detected in examined images from every vendor (except for Sony) arose from vendor customizations." Furthermore, "for most of the manufacturers in our study, these patterns were stable over time, highlighting the need for heightened focus on security by the smartphone industry."
Until the industry responds, consumers -- and enterprises-- are left vulnerable.
Preston Gralla offers a couple of ways to disable so-called "crapware" included with most mobile phones available today.