It's not only questionable apps that can introduce risk to Android devices but also pre-installed firmware, new research has found. In Android smartphones from 29 Asia-based manufacturers, 146 vulnerabilities have been found. Devices from such popular companies as Asus, Samsung, Sony and Xiaomi are among the affected. 33 of the vulnerabilities were found in Samsung devices.
Those vulnerabilities allow, among other actions, modification of system properties (28.1%), app installation (23.3%), command execution (20.5%), and wireless settings (17.8%). The manufacturers have been notified about the findings - Samsung and Sony promised to resolve them promptly. Hopefully, they will keep the promise, as users themselves can't uninstall the vulnerable firmware.
Most popular devices affected are as follows:
- Asus ZenFone,
- Samsung A3, A5, A7, A8+, J3, J4, J5, J6, J7, S7, S7 Edge,
- Sony Xperia Touch,
- Xiaomi Redmi 5, Redmi 6 Pro, Mi Note 6.