How apps make your phone soft target for cyber-attackers

Up to three in every 10 low-cost device owners are at risk of having undeletable apps in their phones that make them easy target for malicious software.

Data from cyber-security firm Kaspersky shows that in 2019, 14.8 percent of users who were targeted by malware or adware suffered “a system partition infection,” making the files undeletable.

The adware plants itself in the system partition, and trying to get rid of it can lead to device failure.

“Moreover, pre-installed default applications also play a role here: depending on the brand, the risk of undeletable applications varies from one to five percent in low-cost devices and goes up to 27 percent in extreme cases,” said Igor Golovin, Kaspersky security researcher.

“Our analysis demonstrates that mobile users are not only regularly attacked by adware and other threats, but their device may also be at risk even before they purchased it. Customers don’t even suspect that they are spending their cash on a pocket-sized billboard.”

In some cases, adware modules were pre-installed before the user even received their device, which could lead to potentially undesired and unplanned consequences. For instance, many smartphones have functions providing remote access to the device. If abused, such a feature could lead to a data compromise of a user’s device.

According to the firm, few vendors have openly admitted to embedding adware in their smartphones.

While some allow it to be disabled, others do not, and they describe it as part of their business model to reduce the cost of the device for the end user. Often, the user has little choice between buying the device at the full price, or a little cheaper with lifetime advertising.

“Some mobile device suppliers are focusing on maximising profits through in-device advertising tools, even if those tools cause inconvenience to the device owners. But this is not a good trend – both for security and usability,” said Mr Golovin.

“I advise users to look carefully into the model of smartphone they are looking to buy and take these risks into account — at the end of the day it is often a choice between a cheaper device or a more user-friendly one.”

Kaspersky found a variety of malicious programs — from Trojans that can install and run apps without the user’s knowledge to less threatening but nevertheless intrusive, advertising.

The firm recommends that before purchasing a device, one should check for user reviews.

If your device is infected, check for firmware updates or try to install alternative firmware, at your own risk. In addition to that, a good security solution (antivirus) for that can help detect the threats including adware.