On many occasions, Android users have complained of harmful malware on their devices. It is usually assumed that they downloaded it onto the device from some external source.
However, according to Oren Koriat, a member of Check Point’s Mobile Research Team:
In all instances, the malware was not downloaded to the device as a result of the users’ use — it arrived with it.
The Check Point researcher also revealed that preinstalled malware was found on 36 Android devices belonging to two companies. He explained that the malicious apps on the phones were not installed by the vendor; instead, they were installed somewhere along the supply chain.
Two primary reasons were suggested for the preinstalled malware; in most cases, it was installed to steal private information from Android phones. The malware consisted of information stealers and rough ad networks that spammed the device.
One of the malicious programs found on the devices was Slocker, a mobile ransomware program that demands a payment to decrypt personal data. Loki malware was also found; this software generated money by playing ads without permission and stealing the data on the phone.
According to researchers, these findings were unfortunately not unexpected. An Android device goes through 4 stages before getting from the maker to the user: first, a new version of the OS is released, and the phone vendor tests it before passing it on to the carrier. The carrier also tests it and customizes the phone. This customized phone is then passed along to the user. According to a principal engineer from Trend Micro:
The problem is that when the phone is customized, malicious software or adware can be injected into it.
Since Android is an open operating system, it is more prone to these kinds of attacks than Apple’s iOS. However, Android’s OS is not to blame here; the problem lies in the corrupt supply chain targeting mobile users.