When buying a new smartphone, it’s normal to come with pre-installed apps, especially those from phone operators or those installed by equipment manufacturers and those that have become a staple in every phone. But on many occasions, users do not fully understand that these apps can cause serious security flaws. Get all the details of what Microsoft has discovered.
Microsoft is somewhat concerned about these pre-installed apps
“As it is with many of the pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device,” the Microsoft 365 Defender Research Team said in a report posted last Friday.
As you can read, the Microsoft cybersecurity team is concerned about the pre-installed applications found on Android devices. This is because it is difficult to uninstall and have more complex access to the internal system. In addition, on many occasions, only the basic applications are used by users, such as Facebook, Twitter, Instagram, YouTube, and even LinkedIn.
Until now, these flaws have already been repaired by its Israeli developer MCE Systems, but the danger they brought with them is worrying since they could give cybercriminals great access to equipment, including internal systems that only experts know.
These flaws are classified under codes: CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores between 7.0 and 8.9. Which can vary from command injection to local privilege escalation. The Microsoft 365 team did not publish the full list of affected apps. Still, it did say that they can access all of the phone’s information, and criminals can leave behind backdoors to gain quick access to them.
The apps can also be found in the Google Play Store, which is worrying because it implies that they have passed the security controls that apply to all applications. However, carriers and manufacturers are expected to implement better controls for these pre-installed apps soon.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp