
Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones [pdf] - howaboutit
https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf
======
Rudism
When I worked for a company that distributed malware (mostly desktop, but
trying to break into mobile), we had relationships with a few people who would
buy up android devices in bulk and then charge money to companies like ours to
have our apps pre-installed. You could pay extra to have the app baked into a
custom rom to make it non-removable.

The business model from our end is we'd find app developers who are willing to
pay X amount per install (a conversion was usually tracked by the first time
an end user opens the app), and then we pay Y amount per install to a shady
phone re-seller to bake that app into the rom of their latest batch of phones.
As long as X is sufficiently higher than Y to account for whatever our
conversion rate is, we make our money back plus profits as the app developer
pays us for conversions.

The shady re-sellers would take their phones with new roms and either sell
direct to consumer or, in the case of the bigger guys, move those phones on to
a big-box retailer.

~~~
gcb0
instead of paying 10-30% of your sleazy revenue to the middle man, why not
offer one payment to the QA manager at the factory?

ironically, the same economics that make it worthwhile to manufacture in
country X also make it very cheap to bribe in country X (e.g. the guy that
would drive to Eastern Europe to buy Pez dispensers at the factory for
collectors)

~~~
Rudism
That's the kind of suggestion that would get you ahead quickly at a company
like that (assuming you were also willing to personally follow through with
it).

------
geographomics
This seems to be the report referred to in the linked article:
[https://public.gdatasoftware.com/Presse/Publikationen/Malwar...](https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf)

~~~
z2
It's interesting that the report states

_"The G DATA security experts are certain that the manufacturers are not the
perpetrators in the majority of cases. Renowned companies will not risk their
reputation by distributing malware in the firmware."_

Manufacturers have no qualms about installing bloatware and even spyware onto
laptops. It would be interesting to know what standards, if any, are used to
sift out the malware from potential bloatware candidates.

~~~
spiralpolitik
Clearly the author does not consider Lenovo to be a "Renowned company" given
that they have form for doing that very act. Twice.

~~~
dogma1138
While SuperFish was a security risk it wasn't "malware"; there is a
difference between various really stupid and blatant backdoors and other
security risks and actual malware.

Lenovo didn't use it to steal users' data; they couldn't care less about it, but
someone could abuse it to compromise users, both through compromising
SuperFish itself and by exploiting the fact that SuperFish will issue
certificates to SSL websites even if the original certificate isn't really
valid, which will allow attackers to MITM SSL connections.

Sony also distributed software that could be classified as backdoors or
rootkits on its CDs as DRM; many other companies also had similar incidents.

While it's a stupid practice and quite unfair to your customers, you can't
really call it malicious since they didn't really use it for that; they just never
thought it through or didn't care enough in the first place.

The packages in this case seem to be actual malware and not some
adware/unwanted software installed by the vendors which, while it might be a
security risk, wasn't intended to actually compromise the user.

------
plaguuuuuu
Well, this is a whitepaper from a company that wants to sell you mobile AV
software... so IMO some independent verification (or better proof than what's
in this PDF) would be good. Not that I doubt this goes on.

~~~
iofj
The comment above ("Rudism") appears to be exactly that.

~~~
riquito
A random comment is not an "independent verification"

------
0grr
In most cases it is most certainly the vendors who install custom roms before
shipping to overseas customers. Anyone who has ever bought grey imported
Chinese phones should be familiar with this; flashing official, custom roms
yourself is a necessity.

------
luke-stanley
What's with security articles being in notoriously insecure PDF format? Can
people not export HTML?

------
GhotiFish
related articles:

[http://www.cnbc.com/2015/09/02/malware-targeting-android-on-...](http://www.cnbc.com/2015/09/02/malware-targeting-android-on-the-rise-report.html)

[https://www.myhomegadgets.com/2015/09/07/smartphones-you-pur...](https://www.myhomegadgets.com/2015/09/07/smartphones-you-purchased-might-be-filled-with-malware-however-can-you-believe-that-read-the-story/)

[http://www.prweb.com/releases/2015/09/prweb12935451.htm](http://www.prweb.com/releases/2015/09/prweb12935451.htm)

[http://www.huffingtonpost.com/entry/android-malware-pre-inst...](http://www.huffingtonpost.com/entry/android-malware-pre-installed_55e6f2e8e4b0aec9f355271f)

[https://grahamcluley.com/2015/07/nearly-5000-android-malware...](https://grahamcluley.com/2015/07/nearly-5000-android-malware/)

[http://www.paulgraham.com/submarine.html](http://www.paulgraham.com/submarine.html)

[https://www.gdatasoftware.com/](https://www.gdatasoftware.com/)

------
voltagex_
Pretty light on technical details. I'll see if I have time over the next few
days to pull one or two of the ROMs apart.

------
hippo8
Lenovo..

