cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
search icon

Original topic:

Samsung Pre-Installed and Thousands of Android Apps Come With Hidden Backdoors

(Topic created on: 04-10-2020 02:21 AM)
314 Views
immi007
Expert Level 5
Options

‎04-10-2020 02:21 AM in 

Others
Study shows pre-installed apps come with more unethical backdoors behaviour than other apps.

 HIGHLIGHTS
  • 4,028 tested apps seem to be checking for blacklisted words
  • Researchers scanned 150,000 apps using a tool called InputScope
  • 4.5 percent of apps from Baidu indulged in blacklisting


Article from NDTV-gadgets360 By Tasneem Akolawala | 8 April 2020 



The test uncovered 12,706 mobile apps containing backdoor secrets and 4,028 mobile apps containing blacklist secrets. 

Undocumented backdoors include : 
secret access keys, master passwords, and secret privileged commands, and blacklists of unwanted items include censorship keywords, cyber-bulling expressions, and weak passwords.

 The percentage of undocumented backdoor instances on pre-installed apps was around 16 percent, while Google Play Store apps were at 6.8 percent.


image
Image source: Google play store screenshot.

 A new study claims that thousands of Android apps may come with input-triggered secrets such as backdoors and blacklists of unwanted items. A total of 150,000 apps have been analysed using a newly developed tool called InputScope. Out of these, 12,706 apps were found to have presence of backdoors, and over 4,028 apps seem to be checking for blacklisted words. From the 150,000 apps, 100,000 apps were from Google Play Store and 30,000 apps were pre-installed ones on Samsung phones.

The new study (link to it) comes from researchers at Ohio State University, New York University, and the Helmholtz Center for Information Security (CISPA).

InputScope tool helped in automatic detection of both the execution context of user input validation and the content involved in the validation to automatically expose hidden functionality.

As mentioned, the pool of apps had Android apps from Google Play Store, pre-installed apps from Samsung phones, and 20,000 apps from Chinese market Baidu as well.

For blacklisting, 4.5 percent of apps were from Baidu, 3.9 percent apps were from pre-installed apps, and 2 percent apps were from Google.


 These secret backdoors and blacklists on apps can allow for
Remote login,
Reset user passwords,
top users from accessing content,and
Let hackers bypass payment interfaces. 

All of these exist without any user knowledge, and this poses as another great threat in the chaotic Android ecosystem.


Article link


7 Comments
Anonymous
Not applicable
Options

‎04-10-2020 04:45 AM in 

Others
How did you put "Hyper link" in the word "STUDY" btw mice article...and i don't read much of NDTV. Its a bull... media.site.
immi007
Expert Level 5
Options

‎04-10-2020 05:23 AM in 

Others
word... edit hyperlink....Text to display ... Any good suggestions other then ndtv... Indian tech News
Anonymous
Not applicable
Options

‎04-10-2020 08:06 AM in 

Others
so hyper link get pasted from word in Samsung members app...great....times now and times of india
immi007
Expert Level 5
Options

‎04-10-2020 02:22 PM in 

Others
Yeah... thanks for those 👍
ѵօϲɑӀ4ӀօϲɑӀ
★★
Options

‎04-10-2020 09:20 AM in 

Others
Thats what I told in 2 of my posts that privacy is a myth on Samsung too now a days.
immi007
Expert Level 5
Options

‎04-10-2020 02:24 PM in 

Others
security bro. ... privacy on a phone made be Samsung and Android by Google ... never... but Samsung knox won an award about security tho... may be not soo bad at all.....
ѵօϲɑӀ4ӀօϲɑӀ
★★
Options

‎04-10-2020 03:06 PM in 

Others
I agree but I dont fall in the trap called "Privacy".
Cus I believe any device losses its privacy as soon as that is connected to network.