Thousands of Android and Samsung Pre-Installed Apps Come With Hidden Backdoors, Study Claims

webby

A total of 150,000 apps have been analyzed using a tool called InputScope. Out of these, 12,706 apps were found to contain backdoors.

A new study claims that thousands of Android apps may come with input-triggered secrets such as backdoors and blacklists of unwanted items. A total of 150,000 apps have been analyzed using a newly developed tool called InputScope. Out of these, 12,706 apps were found to contain backdoors, and over 4,028 apps seem to be checking for blacklisted words. From the 150,000 apps, 100,000 apps were from Google Play Store and 30,000 apps were pre-installed ones on Samsung phones.

The new study comes from researchers at Ohio State University, New York University, and the Helmholtz Center for Information Security (CISPA). These researchers analysed these 150,000 apps using an analysis tool called InputScope. This tool helped in automatic detection of both the execution context of user input validation and the content involved in the validation to automatically expose hidden functionality. As mentioned, the pool of apps had Android apps from Google Play Store, pre-installed apps from Samsung phones, and 20,000 apps from Chinese market Baidu as well.

The test uncovered 12,706 mobile apps containing backdoor secrets and 4,028 mobile apps containing blacklist secrets. Undocumented backdoors include secret access keys, master passwords, and secret privileged commands, and blacklists of unwanted items include censorship keywords, cyber-bullying expressions, and weak passwords.

The study also showed that pre-installed apps showed more unethical backdoor behaviours than other apps. The percentage of undocumented backdoor instances on pre-installed apps was around 16 percent, while Google Play Store apps were at 6.8 percent. Baidu apps were at 5.3 percent – the least of the lot. For blacklisting, 4.5 percent of apps were from Baidu, 3.9 percent apps were from pre-installed apps, and 2 percent apps were from Google.

These secret backdoors and blacklists on apps can allow for remote login, reset user passwords, stop users from accessing content, and let hackers bypass payment interfaces. All of these exist without any user knowledge, and this poses another great threat in the chaotic Android ecosystem.

https://gadgets.ndtv.com/apps/news/...acklisting-study-finds-2208147?pfrom=topstory
 
your favorite company was also in the news

Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users


Notoriously controversial NSO Group have released court documents that show Facebook had attempted to purchase a powerful piece of spyware known as Pegasus. Using Pegasus, after a user clicked a seemingly innocuous link received through a message, the target device would be jailbroken, and malware would be loaded to monitor and steal data. The data is exported, giving users, or Facebook in this case, access to sensitive user data.

Data harvested includes all messages and photos, login information, plus data concerning the entire history of the phone's location.

Allegedly, NSO only sells its products to a "sovereign government or government agency." But, according to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use specific capabilities of Pegasus, reports Vice.

Facebook was interested in buying Pegasus as they were concerned that their own data-gathering software seemed less effective on Apple devices. Facebook's software that was going to get the functionality, Onavo Protect, was billed as a piece of VPN software. Onavo was used primarily to gather information about what other apps Facebook users were using on their mobile devices.

"The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices," the court filing reads. "The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users."

Facebook had allegedly proposed to pay NSO a monthly fee for each Onavo Protect user. However, NSO maintains that they refused the sale on the grounds that Facebook is a private entity.

Onavo Protect was eventually forced off the App Store in 2019 when Apple found the app in violation of newly implemented privacy policies. Specifically, the software ran afoul of data collection restrictions and parts of the iPhone maker's developer agreement covering customer data usage.
 
The donut media videos, anime stuff, mighty car mods, cleetus mcfarland, rally crash/epic moments videos, music videos, refined (hilarious construction animated series nsfw) and pretty much anything i stumble into while going down the rabbit hole sometimes.
 
I would add jimmy Oakes in there. He does a lot of different, “different” builds at once and he puts out a lot of content.
 