Preloader

Preinstalled Apps Pose Hidden Risks on Low‑Cost Android Phones

Preinstalled Apps Pose Hidden Risks on Low‑Cost Android Phones

Preinstalled Apps Pose Hidden Risks on Low‑Cost Android Phones

Recent research reveals that many low‑budget Android smartphones come with preinstalled apps that have broad system‑level permissions and minimal oversight. Unlike apps downloaded from Google Play, these built‑in programs often skip rigorous security reviews — potentially serving as entry points for malware or tools that compromise user privacy.

The study focused on the African mobile market, testing three budget phone brands priced under $100, all running Android Go Edition. To conduct the analysis, the research team developed an automated framework called PiPLAnD, capable of extracting and examining APK files directly from real devices.

 What Is Android Go Edition?

Android Go Edition is a lightweight version of Android designed for entry‑level devices with 2 GB of RAM or less and limited storage. It ships with simplified Google apps, but system updates and security patches typically arrive later than standard Android releases.

 Sensitive Data Leaks

One of the most alarming findings was the exposure of personal identifiers — including MCC (Mobile Country Code), user location data, device details, IMSI, and IMEI numbers.

These leaks occurred through components such as SharedPreferences, system logs, Intents, and even network transmissions.

Overall, about 9% of preinstalled apps (145 apps) were found leaking sensitive information, enabling potential user tracking or advertising exploitation without consent.

 Suspicious Behaviors Among Preinstalled Apps

  • 33 apps could secretly install other applications without user approval.
  • 79 apps accessed SMS permissions (read, send, or delete messages).
  • 10 apps could read system logs and content from other apps.

In total, 226 apps were capable of executing potentially dangerous system commands.

 Security Misconfigurations in the Manifest File

Android apps define their components — such as Activity, Service, Receiver, or Provider — in the AndroidManifest.xml file.

When these components are marked exported without proper protection or authorization, other apps can trigger them and extract sensitive data.

The research found that 16% of preinstalled apps (249 versions) exposed critical components without any security layer. That leaves users vulnerable to unauthorized access and data manipulation.

Broader Implications

These findings don’t imply that all low‑cost Android phones are insecure — but they highlight an urgent need for deeper security audits on preinstalled software.

Users should remember: the real risk isn’t limited to what they install, but also to what comes preloaded on their devices.

People relying on such phones for personal or work‑related tasks are advised to review permissions, keep devices updated, and use trusted mobile security tools whenever possible.

Source: MedadPress
www.medadpress.ir