Customized Android Builds Drive Global Security Inequality

Security experts have warned that default regional settings and pre-loaded applications may be exposing Android devices in some countries to a greater risk of cyber-attack.

F-Secure claimed today that large numbers of pre-bundled apps can expand the attack surface of a device.

The impact is potentially worse when country-specific rules block access to Google Play, meaning that users have to rely on third-party stores curated by the phone manufacturers themselves.

F-Secure claimed it found multiple vulnerabilities in the Huawei AppGallery which could be used to “create a beachhead” to launch additional attacks, such as one targeting the Huawei iReader which could allow hackers to execute code and steal data from devices.

Meanwhile, a simple phishing email/message could be enough to compromise the default configuration on the Xiaomi Mi 9 for China, India, Russia and maybe other countries, the security vendor claimed.

In another case, the research team compromised a Samsung Galaxy S9 by exploiting the fact that the device changes its behavior according to which country issued the SIM inside it.

“To perform this attack, an adversary must manipulate an affected Galaxy S9 user into connecting to a Wi-Fi network under their control (such as by masquerading as free public Wi-Fi),” F-Secure explained.

“If the phone detects a Chinese SIM, the affected component accepts unencrypted updates, allowing an adversary to compromise the device with a man-in-the-middle attack. If successful, the attacker will have full control of the phone.

F-Secure warned that as the number of customized Android builds grows, the white hat community needs to double down on research.

“It’s important for vendors to consider the security implications when they’re customizing Android for different regions,” added senior security consultant, Toby Drew.

“People in one region aren’t more or less entitled to security than another, and if you have the same device configured to provide a less secure experience to users in one region compared to another, it’s creating a type of inequality by increasing their exposure to attacks.”

What’s Hot on Infosecurity Magazine?