• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

OEM Customization in Android Devices Leaves Users Vulnerable to Attacks

Updated on Jul 22, 2015 by Guest Authors

As more and more original equipment manufacturers, or OEMs, turn to the practice of customizing their Android version, millions of users are increasingly exposed to malicious attacks.

Many OEMs are in the habit of omitting the necessary security procedures before shipping their products to retail shelves, researchers at the Indiana University, Bloomington and University of Illinois at Urbana-Champaign concluded.

android-vulnerable

The researchers were able to disclose the vulnerabilities when they began to run a custom tool, which they called Addicted, on the big brands in the mobile universe that run the Android operating system as part of their group study that aimed to unearth security issues that might have been omitted by the OEMs’ security radar.

And indeed a number of security flaws have been uprooted, which underscores the companies’ reckless practice of rolling out mobile phones without making sure they are secured from potential hacks. Addicted, by the way, is a tool used for detecting certain flaws in devices. It was developed by the researchers themselves.

The vulnerabilities in question are said to grant certain apps the authority to capture images and keep log of a user’s key input on the screen. The flaws have been discovered to affect hundreds of Android device models and millions of users as a consequence.

At the core of the problem is the rapid turnout of mobile devices from production lines every year. As a result, OEMs are forced to constantly customize Android to suit their hardware upgrades or alterations, therefore compromising security in the process when they would alter Android’s Linux device drivers for NFC, camera, connectivity, among others.

More specifically, the researchers leveraged the detection capabilities of Addicted to identify the flaws in a number of Samsung models. Then they created an end-to-end method of attack to permit an unauthorized app to capture screenshots and photos.

What exactly is the side effect of OS customization? The Android Open Source Project code is used to review the entire customization process. This code is being overseen by the OEM. But it appears some OEMs have a poor oversight of the AOSP. Consequently, a number of bugs emanate from the OEM customizations.

But it is only the tip of the iceberg. The Linux ecosystem itself contains several device files that are hard to detect for security flaws. That calls for further work in order to gain insights into how to secure resources embedded in various Android layers, and most especially to protect resources in customized Android platforms.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

POLONO PL60Thermal Label Printer Review

DaranEner NEO2000 Power Station Review – A Beast In A Portable Design

Autonomous SmartDesk Junior Review – Kid Standing Desk with Pegboard and Adjustable Height

OKP Life K2P Robot Vacuum Cleaner Review – Who Should Buy this Vacuum?

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • BLUETTI Valentine’s Day Deals for Canada
  • BLUETTI’s Romantic Deals this Valentine – Up to 30% Off
  • Google Is Launching Bard to Fight ChatGPT, Here Is How It Works
  • POLONO PL60Thermal Label Printer Review

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}