Google wants to fight pre-installed Android malware

Daniel Sims

Why it matters: Over the years, Google has introduced numerous security measures to thwart ever-evolving threats to Android systems. The emerging problem of pre-installed malware has pushed the company to allow users to check their operating systems against verified public records.

Pixel phone and tablet owners can now use Google's Pixel Binary Transparency to ensure their firmware matches trusted installation data. The feature comes in response to the rising frequency of hackers tampering with software on Android devices before they reach customers.

Security researchers have recently raised alarm bells over malware that can come pre-installed on millions of Android devices worldwide. Vendors offering cheaper phones, tablets, or other products might use Android-based firmware from dubious sources, allowing hackers to sneak malicious code onto factory-sealed devices. Attackers can also compromise the developers of the pre-installed apps that manufacturers often include in their products, eventually stealing users' information or tricking them into expensive purchases.

Data suggests the problem primarily affects users in Eastern Europe and Southeast Asia. Security analysts have observed Android device brands like Oppo, OnePlus, Realme, and Xiaomi practicing insecure firmware policies.

One solution from Google is Pixel Binary Transparency, which the company first mentioned in 2021 and has recently described in greater detail. The tool consists of a public cryptographic log containing metadata from official Pixel device factory images, which the company implements as a tile-based Merkle tree. Power users can compare their firmware images with Google's to check for suspicious additions to the code.

Furthermore, it should be extremely difficult or impossible for attackers to change the public log to fit their infected builds without being detected because it's cryptographically guaranteed to be append-only. Information can only be added to the record but never changed or deleted. The concept is fundamentally similar to a blockchain.

Google plans to improve Pixel Binary Transparency continually, but it's only available for Pixel devices. Hopefully, it or similar tools eventually become available for other Android systems. Currently, the best way to avoid pre-installed malware or compromised Android installs is to purchase hardware from large, established brands like Samsung and Google, which are more likely to enforce stringent security measures.

Most Pixel owners likely won't need Binary Transparency, as Google designed it for users with coding experience. The feature complements Android Verified Boot, a more accessible security measure that checks whether all executed code on a device comes from trustworthy sources.
