The presentation discusses the challenges and solutions in securing pre-installed Android apps and devices, including issues with third-party plugins, security settings misconfiguration, and malware infiltration.
- Pre-installed Android apps and devices pose unique security challenges due to the diversity of OEMs and customizations
- Third-party plugins can pose security risks and require a remediation process involving OEMs and post-mortem analysis
- Security settings misconfiguration, such as disabling Google Play Protect, can lead to privilege escalation and malware infiltration
- Malware, such as the Shinhwa botnet, can infiltrate the supply chain and infect millions of devices
- Auditing devices and frameworks is important to identify customizations and potential security risks
One example of a security issue discussed in the presentation is the Shinhwa botnet, which infected 20 million devices through pre-installed and user space applications. The botnet's payloads included premium SMS fraud, click fraud, ad fraud, and app installation fraud, and it was considered one of the most impactful botnets of 2018 due to its infiltration of the supply chain.