Smartphones, we all have them for comfort, and almost all of us love having them around. And more significantly, most of us love upgrading the ones we have at the moment. Getting your hands on a device with a bigger screen, a better camera and the fastest processor is a painful experience.
But before we get carried away by the things associated with it, you should know that your valuable new device has much more than what meets your eye. If your new smartphone is an android device, there’s a good chance that something harmful must have happened to it, the consumer has been snuck in.
A lot of news about gaps which allow destructive elements have been making the rounds. A number of these have been listed below:
The Consumer Electronics Supply Chain
Globalisation has resulted in a worldwide market for almost everything from raw materials to finished product. The similar case applies to consumer electronics as well. China is a significant producer of silicon which is an essential component of the quality of consumer electronics. And this has led in the modern manufacturing supply chain is very difficult.
Correct traceability of everything that goes into the manufacturing of a phone is very difficult. This is a possible route through which possibly harmful malware could be snuck into your device.
Manufacturing Android Smartphones
Because the Android operating system is open source, Google cannot impose so much control on the manufacturers on what they can do with the OS (operating system). The business model that has permitted Android to achieve its market dominance is precisely what has plagued a lot of Android device with fragmentation, spam-riddled launchers, and unresponsive or non-existent updates.
Each manufacturer and carrier is permitted to custom design the hardware and software of each of the devices. This is the main reason why the market is plagued with such a vast number of Android devices.
Android as a whole has a very open natured software, and regardless of Google’s steps to enhance the platform’s security, there are a lot of clear opportunities for malicious attackers to do their thing because of poor practices and delicate supply chains of manufacturers.
Xiaomi Redmi was once investigated by researchers at Check Point Research (CPR) because of a Wi-Fi service that was made available by them. It was revealed that it did not provide any Wi-Fi service at all. It requested a long list of very sensitive android permissions that had nothing to do with Wi-Fi services.
One of the remarkable permissions that it asked for was DOWN_WITHOUT_NOTIFICATION. The malicious software was found to be downloaded from a Command and Control (C&C) server following a slight delay when the device initially powers up. This malware, which is known as ‘RottenSys’, was able to use an open-source framework called MarsDaemon to hide from the OS (operation system) and keep its processes alive.
Shanghai AdUps Technology
Researchers at a security firm called Kryptowire found out in 2016 that malicious firmware that collected and send information to a Chinese serve every 72 hours was seen on multiple android devices which were sold in the US. By bypassing Android permissions, it was granted access to all your data.
This includes text messages, contact lists, call history with full telephone numbers, unique device identifiers that included the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI). All this information led to a Chinese firm called Shanghai AdUps Technology. Although the firm stated that it was an accident and it took steps to remove the firmware, it was made known a year later that they only hid most of the components.
Who do you trust?
Accusations have been made against Huawei after their involvement in security scandals; everyone needs to be on high alert when it comes to picking a phone if privacy is something that you value.