Pre-installed apps on low-end Android phones are full of security holes

More than 146 apps from 29 manufacturers were found to put users at risk.

In what has become an annual reckoning, security research company Kryptowire recently published its 2019 report on the state of manufacturer-installed software and firmware for Android devices and, to no one's surprise, they found more than 140 bugs which could be exploited for malicious purposes.

The DHS-funded report uncovered 146 apps, which come pre-installed on inexpensive Android handsets, would pull shenanigans like eavesdropping through the microphone, unilaterally changing their permissions or surreptitiously transmitting data back to the manufacturer without ever notifying the user.

Kryptowire found these bugs on phones from 29 different manufacturers from relatively unknowns like Cubot and Doogee to marquee companies include Sony. And given that the average Android come with anywhere from 100 to 400 apps pre-installed, often bundled as part of larger app suites, these vulnerabilities pose a growing threat to users.

The problem isn't unsolvable, mind you. "Google can demand more thorough code analysis and vendor responsibility for their software products that enter the Android ecosystems," Kryptowire CEO Angelos Stavrou told CNET. "Legislators and policy makers should demand that companies are accountable for putting the security and personal information of end-users at risk."

The question, though, is whether or not Google and policy makers have the political will to take steps necessary to correct the issue.