cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
search icon

Original topic:

Samsung Pre-Installed and Thousands of Android Apps Come With Hidden Backdoors

(Topic created on: 04-10-2020 05:37 PM)
804 Views
immi007
Expert Level 5
Options

‎04-10-2020 05:37 PM in 

Others
Study shows pre-installed apps come with more unethical backdoors behaviour than other apps.

 HIGHLIGHTS
  • 4,028 tested apps seem to be checking for blacklisted words
  • Researchers scanned 150,000 apps using a tool called InputScope
  • 4.5 percent of apps from Baidu indulged in blacklisting


Article from NDTV-gadgets360 By Tasneem Akolawala | 8 April 2020 



The test uncovered 12,706 mobile apps containing backdoor secrets and 4,028 mobile apps containing blacklist secrets

Undocumented backdoors include : 
secret access keys, master passwords, and secret privileged commands, and blacklists of unwanted items include censorship keywords, cyber-bulling expressions, and weak passwords.

 The percentage of undocumented backdoor instances on pre-installed apps was around 16 percent, while Google Play Store apps were at 6.8 percent.


image
Image source: Google play store screenshot.

 A new study claims that thousands of Android apps may come with input-triggered secrets such as backdoors and blacklists of unwanted items. A total of 150,000 apps have been analysed using a newly developed tool called InputScope. Out of these, 12,706 apps were found to have presence of backdoors, and over 4,028 apps seem to be checking for blacklisted words. From the 150,000 apps, 100,000 apps were from Google Play Store and 30,000 apps were pre-installed ones on Samsung phones.

The new study (link to it) comes from researchers at Ohio State University, New York University, and the Helmholtz Center for Information Security (CISPA).

InputScope tool helped in automatic detection of both the execution context of user input validation and the content involved in the validation to automatically expose hidden functionality.

As mentioned, the pool of apps had Android apps from Google Play Store, pre-installed apps from Samsung phones, and 20,000 apps from Chinese market Baidu as well.

For blacklisting, 4.5 percent of apps were from Baidu, 3.9 percent apps were from pre-installed apps, and 2 percent apps were from Google.


 These secret backdoors and blacklists on apps can allow for
Remote login,
Reset user passwords,
top users from accessing content,and
Let hackers bypass payment interfaces. 

All of these exist without any user knowledge, and this poses as another great threat in the chaotic Android ecosystem.


Article link


17 Comments
Anonymous
Not applicable
Options

‎04-10-2020 05:41 PM in 

Others

thats bad and very bad 

 

immi007
Expert Level 5
Options

‎04-10-2020 06:41 PM (Last edited ‎04-10-2020 06:41 PM ) in 

Others
yes.... indeed
0 Likes
NaveedKazi8888
Active Level 7
Options

‎04-10-2020 06:00 PM in 

Others
thanks for sharing this valuable information
immi007
Expert Level 5
Options

‎04-10-2020 06:40 PM in 

Others
np.... will always keep doing it👍
Anonymous
Not applicable
Options

‎04-10-2020 06:49 PM in 

Others
yaha toh zamane se chal raha hai...nice info bro
immi007
Expert Level 5
Options

‎04-10-2020 07:03 PM in 

Others
Paar point out tho karna padtha hai. . thanks
Anonymous
Not applicable
Options

‎04-10-2020 07:04 PM in 

Others
point out sahi kiya hai
immi007
Expert Level 5
Options

‎04-10-2020 07:08 PM in 

Others
ha... .. point out karne see unko farak Ghanta padega
Anonymous
Not applicable
Options

‎04-10-2020 07:10 PM in 

Others
ye business hai aisa hee chalega....