top of page
  • Writer's pictureThe DigitalBank Vault

Android preinstalled nonfree apps have access to sensitive data without users' knowledge.

An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.

Our personal information is sent to a broad network of interested parties, some of which are controversial. “The pre-installed apps are an indication of another reality: agreements between actors (manufacturers, data traders, mobile operators and advertisers) for added value, but also for commercial ends,”

Android ecosystem of pre-installed apps is a privacy and security mess.

Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched.

But in addition to custom permissions, researchers also discovered that many apps also had access to way too many "standard" permissions, which the pre-installed apps didn't necessarily use and theoretically would remain as an open door for future abuse.

For example, researchers found 55 pre-installed apps that were granted access to more than 100 permissions, with one app (com.cube26.coolstore) having access to 144 permissions, while another app (com.jrdcom.Elabel) having 145 permissions.

According to researchers, the most used permission among apps that also embed a third-party SDK is the permission to read system logs, followed by the ability to mount/unmount storage space, and the ability to install other apps.

What is the difference between the DigitalBank Vault and other secure communication devices ? 

The DigitalBank Vault does not store permanently and has no way to store data, information, keys, passwords or any other form of memory. 

No useful information can be ever retrieved, no matter what forensic tools are used. What can be extracted is fragmented, randomly encrypted useless data. 

106 views0 comments


bottom of page