Operating Systems

OPINION

Some Android Malware Can Break Your Phone When You Delete It

Since Android’s unveiling in 2007, the platform has stayed true to its commitment to providing open and free source code. The source code is freely available to developers and device manufacturers who can, at their own discretion, install the software without worrying about the hassles of licensing fees.

The consequent reduction in fees allows device manufacturers to bring Android devices to the market at significantly lower prices than the competition, with the average price of an Android smartphone almost US$400 cheaper than an iPhone.

Android not only delivers cheaper smartphones — it is the largest mobile OS in the world, used in everything from cars to watches to televisions. It dominates global mobile operating systems with a market share of more than 85 percent. That means one-quarter of the world’s population owns or makes use of an Android device. Still, the rise of new encrypted Android malware might bring an end to the world’s fairytale romance with the platform.

Android owners last year were alerted to a new type of spyware that could be delivered via a WhatsApp call. Users barely had recovered from the fact that the most trusted apps could be vulnerable to attacks when last month, Android owners once again were alerted to dozens of Google Play Store apps that contained questionable permissions and hidden malware.

The alert came only weeks after another warning around the escalating reign of terror on personal data by data munching bugs.

The latest warning is not related to the Google Play Store, however, but to malware that comes preinstalled on Android devices. It not only auto-installs apps but also renders the phone unusable when the user attempts to uninstall the preinstalled malicious software.

The Preinstalled Malware Debacle

Thanks to the open-source nature of Android, manufacturers can create custom versions of the OS on their devices with their own unique sets of preinstalled apps. As many of these apps fall outside the Google-managed ecosystem, users have to trust the device manufacturers to stay within the boundaries of permissions granted and to treat any received data with the utmost respect for privacy.

Unfortunately, many manufacturers have proven to be unreliable in this regard, which prompted an open letter drafted by Privacy International and more than 50 other NGOs requesting Google to take action against apps that enable data exploitation.


 Related: How To Speed Up a Suddenly Slow Android Phone | Jan. 25, 2024


Although the chances of picking up malware with any mainstream Android device using default settings are extremely slim, the threat of preinstalled malware on Android devices being supplied by unethical manufacturers is growing.

One of the devices most recently found to have catastrophic preinstalled malware is the Unimax (UMX) U686CL. Offered on Virgin Mobile’s Assurance Wireless program as part of the U.S. government’s Lifeline Assistance Program (aimed at assisting low-income families to afford mobile services), it comes boxed for as little as $35.

Looking at the current personal and national financial statistics, it is easy to see why this device would be popular. Lifeline currently gives more than 9 million Americans access to a phone or data plan.

The Unimax (UMX) U686CL comes with two destructive apps — and one can not be removed. One, called “Wireless Update,” updates the phone. In fact, it is the only way to update the phone’s software. Unfortunately, it also can auto-install apps without needing user consent, and it does so from the moment the unsuspecting user logs onto the device.

“While the apps it installs are initially clean and free of malware, it’s important to note that these apps are added to the device with zero notification or permission required from the user.,” said Nathan Collier, senior malware intelligence analyst at Malwarebytes. “This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time.”

The updater app can be uninstalled by pressing and holding the app’s notification, clicking on “more settings”, pressing on the app’s icon, and finally clicking “uninstall” on the app’s info.

However, it is important to note that after taking this course of action, users no longer would be able to install any updates.

The other threat on these devices is the Settings app itself, which can not be uninstalled as it would render the phone completely unusable. Anyone currently using this device would be well advised to start looking for an alternative.

Locating and Removing Malware on Your Android Device

There are several critical steps that can be taken to protect networks from security threats that arise from connected mobile devices, but it all starts with the user.

If you’re worried that your current Android device might be infected with malware, there are certain tell-tale signs to look for. The best Web hosting companies give tips and tricks on how to ensure fast and responsive websites across PCs and mobile devices.

So, if your Android smartphone or tablet is running more slowly than your 1995 desktop computer, chances are you’ve downloaded an infected app. A magnitude of pop-up ads that bypass your Google settings, and a hanging or flashing screen are other indicators that your device is under threat.

To stop a malware attack and clean your device, follow the following steps:

Step 1: Shut It Down

Shutting down your device may seem counterintuitive, as it will not stop the attack from doing damage. However, it can protect other devices on the network while giving you the opportunity to gather your wits and do research on the infected app.

Do you know which app infected your device? Did it download other software onto your device? Use a different device to look up the symptoms you are experiencing. You may consider installing an antimalware app to remove the infected software, but that could open you to more risk, as you would be restoring access to the Internet.

Step 2: Activate Safe/Emergency Mode

Switch over to safe/emergency mode immediately upon switching your device on again. This will limit the amount of damage the app can do while you’re isolating the problem.

To activate safe mode, simply hold the power button for a few seconds when the device is powered on, then tap and hold the power off option. Depending on your device, several power options should be displayed on the screen, including the option to reboot to safe mode.

If you cannot locate your device’s safe mode, switch to airplane mode.

Step 3: Find the App in Your Device’s Settings

The Android Settings app usually has a gear-shaped icon but it may vary depending on your device arrangement and theme. Once in the Settings app, go to the Apps section and locate the problematic app.

If the full list does not become available, choose App Manager to open up the full list of apps. Select or click on the app, which should bring up the options to Force Stop, Force Close and Uninstall.

Step 4: Delete Anything Else Suspicious

Click on Uninstall and remove the unwanted app as well as any other suspicious downloads. Some core programs won’t give you the option to uninstall. In these instances, select Disable.

Oftentimes, malware protects itself against this form of removal. If you encounter any obstructions, go back to the original Settings menu and click on Lock Screen or Security. Find the “Phone (Device) Administrators” tab and click on it. In Phone, Administrators enable the functionality to remove malware.

Step 5: Download Antimalware Software

Any Android device is exposed and vulnerable if it is connected to the Internet. A variety of security and antimalware apps can scan for viruses, get rid of junk files, and protect your device against infected software.

Once you’ve deleted the infected software, download one of these security apps to protect your device from future attacks.

It’s also a good idea to make sure your device is running on the latest version of the OS, as updates protect devices from attacks.

Never, ever install an app if you don’t know what it is.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.
Sam Bocetta

Sam Bocetta has been an ECT News Network columnist since 2019. A freelance journalist specializing in U.S. diplomacy and national security, Bocetta's emphases are technology trends in cyberwarfare, cyberdefense and cryptography.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels