Many Android Devices Had a Pre-Installed Backdoor, Google Reveals

The list of affected devices includes Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Many Android Devices Had a Pre-Installed Backdoor, Google Reveals

Android phones were spotted to have Triada as a preloaded backdoor in 2017

  • Google has confirmed Dr. Web report revealing malware on Android devices
  • It worked with handset makers to fix the backdoor access
  • Google provides OEMs with a "Build Test Suite" examine Android ROMs

Android phones had a pre-installed framework backdoor that made them vulnerable even before they hit stores, Google revealed in a detailed study on Thursday. The story starts with the "Triada family" of trojans that was first discovered early in 2016. The Mountain View, California-headquartered company initially removed Triada samples from all Android devices using Google Play Protect. But in 2017, it was found that Triada evolved and ultimately became a preloaded backdoor on Android devices. Notably, the latest phones aren't likely to be affected by what has been discovered by Google. The vulnerability did have an impact on various models in the past, though.

Security researchers at Kaspersky highlighted the presence of Triada back in 2016 when it was noted as a rooting trojan designed to exploit hardware after getting elevated privileges. The key aim of the trojan was found to install apps that could be used to send spam and display ads. Google implemented detection through its Play Protect to remove Triada samples.

However, as per a blog post detailing the backdoor access, Google's in-house researchers in 2017 spotted a backdoored log function version of Triada that was used to download and install modules. The preloaded log function was importantly placed in the system section that wasn't noticed by many smartphone manufacturers at the initial stage.

"Triada was inconspicuously included in the system image as third-party code for additional features requested by the OEMs," wrote Lukasz Siewierski from Android Security and Privacy team at Google in the blog post. "This highlights the need for thorough ongoing security reviews of system images before the device is sold to the users as well as any time they get updated over-the-air (OTA)."

Google worked with original equipment manufacturers (OEMs) and provided them with instructions to remove the threat from devices. It also eventually pushed OTA updates to reduce the spread of pre-installed Triada variants and removed infections from the affected phones.

It is worth noting here that Google hasn't mentioned the names of devices that had the questionable backdoor access. However, security firm Dr. Web in a report published in late July 2017 revealed that several Android devices had Triada within their firmware. The devices including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Moreover, Google confirmed the findings of the Dr. Web report.

To ensure the security of devices, Google is claimed to have provided OEMs with a "Build Test Suite" that helps them examine Android ROMs before launching the hardware publicly and scan for malware like Triada to reduce their impact.


For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Triada, Android, Google
Destiny 2 Becomes Free-to-Play, Cross Save Support and Shadowkeep Expansion Announced
Netflix Indian Series Leila Release Date, Cast, Directors, Trailer, Review, and More
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »