Samsung pre-installed apps left Galaxy phones open to hacking

Although Google has its recommended set of apps for all Android phones to have, some manufacturers have long preferred to still provide their own core apps and custom experiences. For the longest time, Samsung has been one of the biggest culprits of that divergent experience, but it has lately been trying to trim down its set of apps. That doesn’t mean it hasn’t done away with those completely, especially pre-installed apps and services that provide functionality that neither Google nor Android itself provides. Unfortunately, those apps and services can also become entry points for hackers, as demonstrated by this latest security report.

To be fair, there was a period when Google and Android, at least AOSP, didn't provide adequate app support, and OEMs were left to their own devices. Samsung added its own SMS, Phonebook, Calendar, and Calculator apps, as well as Knox security and Secure Folder services, to give functions that Android lacked. Samsung still pre-installs several of these apps, even though it also pre-installs Google's equivalent, and some of them have become security risks.

Security for mobile apps Samsung's own apps and services have seven vulnerabilities, according to oversecured. Some were detected in the Knox secure framework, but others were also detected in the DeX desktop framework and even the Phone app UI. Hackers might use the flaws to steal SMS, install arbitrary programs, or obtain file access as the system user.

Due to the seriousness of the risks, Oversecured hasn't publicly disclosed any further vulnerabilities. They did so responsibly and informed Samsung, who addressed the issues and released patches in April and May of this year. Samsung claims to be unaware of any allegations claiming to have exploited the issues.

Of course, security flaws in apps and software are common, but the closer they are to the operating system's core, the greater the risk they pose. Nothing gets closer to the system than Samsung's own system programs, and this analysis should make Samsung more conscious of the responsibility it bears for pre-installed programs and services that consumers can't easily uninstall or stop.