A report from InfoSecurity Magazine warns us:
Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.
However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.
“Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions including accessing the Internet, read and send text messages, install apps, access contact lists, obtain location data and more—all which can do detrimental damage,” said Christian Geschkat, G DATA mobile solutions product manager.
Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year.
G Data’s report is pretty short and worth a read. They discovered just over 1 million different mobile malware samples in the first half of 2015. Let that 1 million number sink in for a minute. How many did they NOT discover yet? How many of those million made it onto your phone? How can you tell?
What you can do
Unless you are tech-savvy and know how to flash fresh phone firmware (say that 10 times fast!), I think the times of buying decent refurbished Android cellphones on eBay are over. At least until this problem is fixed. If you want to save money and buy a used phone, stick to those that are sold directly from the manufacturer or your service provider. Or convert to Apple, whose firmware is much more secure and controlled.
In the meantime, you may want to install anti-malware detection software on your existing phone. Given that so many people access the internet with their phones instead of their desktops these days, and given anti-malware isn’t really too popular yet for phones, I’d guess there are quite a few phones already infected. And like we’re learning with malvertising, you don’t have to even visit a shady website to get infected.
Since a lot of malware is disguised to ride along with regular apps people use everyday, you should delete any regular apps on your used phone and reinstall the right ones from the proper app store. Just because the Facebook app brings up Facebook doesn’t mean someone hasn’t tampered with it. From the report:
A common method is to manipulate a legitimate, popular app such as the Facebook app. All of the usual Facebook functions are available in the manipulated version. Users do not notice the surreptitious access, but the range of functions is expanded by the attached malware, enabling third parties to access the entire device without asking for the user’s consent. The permissions have already been approved by the owner prior to commissioning the device.
It’s not clear that a simple uninstall will do the trick. Better is to arm yourself with anti-malware for phones.