Microsoft Experts Found Vulnerabilities in Pre-Installed Android Applications

Vulnerabilities in preinstalled Android apps

Microsoft experts have found four serious vulnerabilities in pre-installed Android applications, namely in the framework used by Android applications of several major international mobile service providers.

Vulnerabilities were discovered in the platform of mce Systems, an Israeli company that provides software for mobile operators.

Let me remind you that we also wrote that about 8% of apps in the Google Play Store are vulnerable to a bug in the Play Core library, and that Google has recruited a team of experts to find bugs in Android applications.

The issues, scoring between 7 and 8.9 on the CVSS vulnerability rating scale, range from command injection to local privilege escalation. They have been assigned the identifiers CVE-2021-42598, CVE-2021-42599, CVE-2021-42600 and CVE-2021-42601.

Vulnerable apps reportedly have millions of downloads on the Google Play Store and are pre-installed as system apps on many devices. Microsoft does not disclose the full list of applications that use the vulnerable platform, but writes that such applications can be found on devices purchased from carriers such as AT&T, TELUS, Rogers Communications, Bell Canada and Freedom Mobile.

All of the applications were built into the system image of the devices, which suggests that they were default applications installed by the carriers. All of the apps are also available in the Google Play Store, where they pass Google Play Protect's automated security checks; however, those checks did not scan the apps for this type of issue.

"Like many pre-installed or default apps that ship with most Android devices these days, some of the affected apps cannot be completely removed or disabled without root access to the device," Microsoft 365 Defender wrote.

All of the vendors Microsoft mentions are reported to have updated their apps to fix the bugs before the security bulletin was published, but other telecom apps may still be using the same problematic framework.

In addition, the researchers warn that other Android devices can also be exposed to these vulnerabilities if the com.mce.mceiotraceagent application is installed later, for example by a phone repair shop. Anyone who finds such an application on their device is advised to remove it immediately.
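The check that advice implies, as an added example that is not part of the original article and not code from Microsoft or mce Systems: a small POSIX shell function that scans the output of Android's `pm list packages` (what `adb shell pm list packages` prints) for the package the article names, com.mce.mceiotraceagent. It also flags any other package under the com.mce. prefix; that prefix match is an assumption for illustration, since the article names only the one package. The sample package list in the block is constructed.

```shell
#!/bin/sh
# Added example, not from the article or from Microsoft/mce Systems.
# Scans `pm list packages` output for the package named in the article and
# for other packages under the com.mce. prefix (prefix is an assumption).

SUSPECT_PACKAGE="com.mce.mceiotraceagent"
SUSPECT_PREFIX="com.mce."

# find_mce_packages: read `pm list packages` style lines ("package:<name>")
# from stdin, print each matching package name on its own line, and return
# 0 if at least one match was found (1 otherwise).
find_mce_packages() {
    found=1
    while IFS= read -r line; do
        pkg=${line#package:}
        # Skip anything that is not a "package:<name>" line.
        [ "$pkg" = "$line" ] && continue
        case "$pkg" in
            "$SUSPECT_PACKAGE"|"$SUSPECT_PREFIX"*)
                printf '%s\n' "$pkg"
                found=0
                ;;
        esac
    done
    return $found
}

# Constructed sample, shaped like real `adb shell pm list packages` output.
SAMPLE_PACKAGES='package:com.android.settings
package:com.mce.mceiotraceagent
package:com.example.weather
package:com.mce.carrierservice'

# Stand-alone demo: `sh thisfile.sh --demo` prints each hit together with the
# per-user removal command. `pm uninstall -k --user 0 <pkg>` removes a system
# app for the current user without root; the copy in the system image stays.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_PACKAGES" | find_mce_packages | while IFS= read -r p; do
        echo "found: $p  -> adb shell pm uninstall -k --user 0 $p"
    done
fi
```

On a real device, replace the constructed sample with `adb shell pm list packages | find_mce_packages`. Because the apps are part of the system image, uninstalling for user 0 only hides the app for that user; a firmware update from the carrier is what actually replaces the vulnerable framework.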

By Vladimir Krasnogolovy
