MILLIONS of Android users are being warned about security flaws in applications that come pre-installed on their phones.
The apps, which are typically difficult for the average user to delete from their phone, were recently found to have vulnerabilities that could have been exploited by attackers.
Microsoft researchers are warning Android users about the potential for security risks to exist in pre-installed applicationsCredit: Getty
The research team recently detected vulnerabilities in these hard to delete applications and worked with developers and service providers to fix the problemCredit: Getty
The vulnerabilities were detected by the Microsoft 365 Defender Research Team and reported on Microsoft’s security blog.
According to the research team, the vulnerabilities have now been fixed, but the weaknesses could have been susceptible to bad actors looking to get a hold of sensitive information.
Users have been warned that they should make sure their phones have the latest updates to make sure the fixes are applied.
Microsoft reported that the problems were contained in a mobile framework “used by multiple large mobile service providers in pre-installed Android System apps.”
Liabilities within the apps “potentially exposed users to remote (albeit complex) or local attacks”, Microsoft said.
The company says the problems were resolved through work with the mobile framework developer mce Systems and the mobile service providers impacted by the issue.
“We commend the quick and professional resolution from the mce Systems engineering teams, as well as the relevant providers in fixing each of these issues,” Microsoft said in its report.
“Collaboration among security researchers, software vendors, and the security community is important to continuously improve defenses for the larger ecosystem.”
As a result of the collaborative effort that successfully fixed the problem, the impacted users can keep using the apps without concern.
Microsoft’s detection of the Android system app vulnerabilities stemmed from general research into pre-installed applications.
The team says it wanted to “better understand” how mobile device security is impacted by these kind of apps.
Within the mce Systems framework, they detected an element that could have been exploited by attackers to remotely commander control over the device.
We pay for your stories!
Do you have a story for The US Sun team?