Security Issues Found in Preinstalled Apps on Android Smartphones

A recent analysis by Lukas Stefanko, Malware Analyst at ESET, revealed three critical vulnerabilities in preinstalled Android apps. These vulnerabilities could allow a third-party app to:

✅ Perform a factory reset

✅ Exfiltrate PIN codes

✅ Inject arbitrary intents with system-level privileges

[Read the full details here](mobile-hacker.com)

You Should Know: How to Detect & Mitigate Such Vulnerabilities

1. Check for Preinstalled App Vulnerabilities

Use ADB (Android Debug Bridge) to list all preinstalled apps:

adb shell pm list packages -s

Inspect suspicious apps with:

adb shell dumpsys package <package_name>
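
To decide which system packages to inspect first, the listing can be narrowed to OEM-added apps, with privileged (priv-app) ones ranked first. The script below is an added example, not part of the original post; it assumes the `-f` flag is added to the listing command so each line carries the APK path, and the sample package names are constructed.

```shell
#!/bin/sh
# Added example: triage `pm list packages -s -f` output for OEM preinstalled apps.

# Reads lines like  package:/product/priv-app/Foo/Foo.apk=com.vendor.foo  on stdin.
# Prints "<tier> <package> <apk path>" for packages outside the platform and
# Google namespaces, with privileged (priv-app) packages sorted first.
triage_system_packages() {
    tr -d '\r' |                                     # adb may emit CRLF line endings
    sed -n 's/^package:\(.*\)=\([^=]*\)$/\2 \1/p' |  # split on the last '='
    while read -r pkg path; do
        case "$pkg" in
            # Platform and Google namespaces are skipped (assumed triage policy).
            android|com.android.*|com.google.*) continue ;;
        esac
        case "$path" in
            */priv-app/*) echo "1-privileged $pkg $path" ;;
            *)            echo "2-system $pkg $path" ;;
        esac
    done | sort
}

# Constructed sample input (package names are made up for illustration).
SAMPLE='package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/product/app/OemWeather/OemWeather.apk=com.example.oem.weather
package:/system/priv-app/OemDeviceCare/OemDeviceCare.apk=com.example.oem.devicecare
package:/system/framework/framework-res.apk=android
package:/product/priv-app/GmsCore/GmsCore.apk=com.google.android.gms'

# Offline demo. On a device:
#   adb shell pm list packages -s -f | triage_system_packages
printf '%s\n' "$SAMPLE" | triage_system_packages
```

Each package it prints is a candidate for the `dumpsys package` inspection above.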

2. Monitor for Suspicious Factory Reset Requests

Check system logs for unexpected factory reset triggers:

adb logcat | grep -i "factory_reset"

3. Detect PIN Exfiltration Attempts

Monitor clipboard access (common for PIN theft):

adb shell dumpsys clipboard

4. Block Arbitrary Intent Injection

Disable vulnerable app components:

adb shell pm disable <package_name>/<component_name>

5. Scan for Malicious Apps

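Use YARA rules to detect exploit patterns in APK files pulled from the device. The rules file comes first, then the directory to scan:

yara -r /path/to/malware_rules.yar /path/to/pulled_apks/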

6. Check for Unauthorized System Privileges

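List the permissions the platform classifies as dangerous, organized by group, then check which of them a given package holds in its dumpsys package output:

adb shell pm list permissions -g -d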

7. Enable Enhanced Android Protections

  • Turn on Google Play Protect
  • Disable unknown sources in settings
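  • Use a firewall app such as NetGuard to block malicious network traffic, or enable Android's restricted networking mode (a platform setting, separate from NetGuard):
    adb shell settings put global restricted_networking_mode 1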
    

What Undercode Say

Preinstalled apps often have elevated privileges, making them prime targets for exploitation. Regular audits using ADB, logcat, and permission checks are crucial. Manufacturers should enforce stricter app vetting, while users must disable unnecessary system apps and monitor for unusual behavior.

Prediction

As Android fragmentation persists, more OEM-specific preinstalled app vulnerabilities will surface, leading to targeted supply-chain attacks. Expect increased malware campaigns exploiting these flaws in 2024-2025.


Reported By: Lukasstefanko Security – Hackers Feeds