Trojanized Android firmware & how to check Android apps for unencrypted data

(1) Bleeping Computer: Malware Found in the Firmware of 141 Low-Cost Android Devices – “Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.” 

Dr Web report from 2016: Doctor Web discovers Trojans in firmware of well-known Android mobile devices – “Doctor Web’s security researchers found new Trojans incorporated into firmwares of several dozens of Android mobile devices. Found malware programs are stored in system catalogs and covertly download and install programs.”

Avast report from 24th May 2018: Android devices ship with pre-installed malware – “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”

(2) Meanwhile, Sophos’ Matt Boddy has been looking at how to find out the answer to the question Are your Android apps sending unencrypted data? He says:

“My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.”

“I’ll tell you what I did, what I discovered and how you can do it too.”

*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: