(Forbes) – Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google’s own security research team. There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device. Android is a thriving open-source community, which is great for innovation but not

so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices. New phones can have as many as 400 apps factory-installed, many of which we just ignore. But it transpires that many of those apps have not been vetted. The apps themselves will work as billed, providing a useful capability or service, so we can be forgiven for not considering the risk that might lurk within. Google’s Maddie Stone, a security researcher with the company’s Project Zero, shared her team’s findings at Black Hat on Thursday. “If malware or security issues come as preinstalled apps,” she warned, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing and analysis.” READ MORE

Forbes is an American business magazine. Published bi-weekly, it features original articles on finance, industry, investing, and marketing topics. Forbes also reports on related subjects such as technology, communications, science, politics, and law. Its headquarters is located in Jersey City, New Jersey.