[HN Gopher] Unremovable malware found preinstalled on low-end sm...
___________________________________________________________________
Unremovable malware found preinstalled on low-end smartphone sold in
the US

Author : fortran77
Score  : 66 points
Date   : 2020-01-10 20:35 UTC (2 hours ago)

(HTM) web link (www.zdnet.com)
(TXT) w3m dump (www.zdnet.com)

| JohnFen wrote:
| In my opinion, the prevalence of software that I consider to be
| malware has become so extreme that I don't consider any
| smartphone to be safe enough to use anymore.
|
| Although I'm marginally OK with my current one (an antique that I
| have a Google-free ROM and a lot of security installed on), it
| will probably die within the next couple of years. At or
| (hopefully) before that time, I'll have completed my move out of
| smartphones entirely.
| butz wrote:
| Is it really unremovable? What about flashing a custom AOSP build?
| droithomme wrote:
| Sure, why don't you buy these, figure out how to do it, then
| publish easy-to-understand instructions for the average
| purchaser to follow. Thanks!
| kick wrote:
| "Requires domain knowledge" is not the same as "unremovable."
| rimunroe wrote:
| That's a needless distinction for the vast majority of
| users. I imagine anything is removable with enough domain
| knowledge and the right equipment.
| kop316 wrote:
| This assumes you can unlock the bootloader and make an AOSP
| build.
| droithomme wrote:
| Is this too much different than the unremovable malware found
| preinstalled in _high-end_ smartphones sold in the US? Even big
| brands like Samsung are riddled with insidious malware these
| days, all of which you consent to when clicking through the
| registration screens.
|
| We need regulation banning all this. Will never happen since
| malware benefits those who crave endemic surveillance.
| cs702 wrote:
| ...and on high-end smartphones too, arguably. Consider how
| difficult it would be to remove from any smartphone any piece of
| software that you as a consumer don't want (e.g., baseband
| firmware, call-home components, data-collection services, etc.).
| TrueDuality wrote:
| A lot of the comments here are complaining about trash software
| that exists on other phones that isn't removable. The difference
| here is that it isn't just garbage ware that might have
| vulnerabilities like the stuff Samsung puts on its phone, this is
| actively malicious.
|
| This especially sucks because the people who can't afford a good
| phone will pay not only in having a poorer user experience but
| they'll have their financial and social media information stolen
| as soon as it's used on these devices.
|
| That means the people who can least afford (via both time and
| money) to deal with identity theft will be the ones hit the
| hardest.
| kop316 wrote:
| Heh, it's funny you say that. I just broke my phone and had to
| go get a new one. I was holding out for the PinePhone/Librem 5
| to be useful enough that I wouldn't need another Android
| device.
|
| The cheapest device that I trusted was the Pixel 3a, and that's
| because I can cleanly install GrapheneOS and not have Google
| Play install. That was $400. It was very tempting to get a $100
| phone, but this was my exact worry.
| jenkstom wrote:
| I bought three of these for my 8 year old triplets from
| twigby.com. I was really upset with twigby, but I guess they
| weren't the ones that did it. These phones would continuously
| install weird apps no matter what I did. I even had them locked
| down with the Google family app and they still did their thing. I
| upgraded to Moto G7 Plays and they are not only faster, they
| don't continuously install malware.
| xfitm3 wrote:
| Personally I consider this to be all phones: the baseband
| firmware is a blob that does who knows what, and is likely the
| weakest component of nearly every phone on the market. Most
| baseband processors are connected via DMA.
|
| Prior discussion from 2016:
| https://news.ycombinator.com/item?id=10905643
| jimmaswell wrote:
| There's no malware here that I can see, simply an auto-update
| mechanism that could theoretically be abused, like every
| auto-update mechanism (Chrome, Windows 10..)
| rahuldottech wrote:
| This is very common for low-end Android phones. I have seen and
| used many models from different companies (e.g., Micromax, Gionee)
| (mostly Chinese) that remotely install apps or inject ads into
| the OS (notifications, home screen or lock screen).
|
| They also almost certainly are used to collect personal user data
| and sell it.
|
| Another bad thing is that these apps often come installed as
| "system apps", so you can't uninstall or disable them, or change
| permissions :(
| pmlnr wrote:
| I hope people remember when Kindles were possible to be bought
| with burned-in ads for cheaper.
| Jeff_Brown wrote:
| In which case the buyer knew what they were getting into,
| yes?
| tandr wrote:
| https://www.xda-developers.com/uninstall-carrier-oem-bloatwa...
|
| I have used these instructions in the past to remove things I
| don't need from a Samsung phone.
|
| (There are also xda threads that talk about it as well,
| pointing out what apps could be removed)
|
| I am not 100% sure if "cheap" phones would allow you to do this
| though.
___________________________________________________________________
(page generated 2020-01-10 23:00 UTC)