Urgent warning to millions of Android users over security flaws in pre-installed apps that CAN’T be deleted

According to the research team, the vulnerabilities have now been fixed, but the weaknesses could have been susceptible to bad actors looking to get a hold of sensitive information.

Users have been warned that they should make sure their phones have the latest updates to make sure the fixes are applied.

Microsoft reported that the problems were contained in a mobile framework “used by multiple large mobile service providers in pre-installed Android System apps.”

Liabilities within the apps “potentially exposed users to remote (albeit complex) or local attacks”, Microsoft said.

The company says the problems were resolved through work with the mobile framework developer mce Systems and the mobile service providers impacted by the issue.

“We commend the quick and professional resolution from the mce Systems engineering teams, as well as the relevant providers in fixing each of these issues,” Microsoft said in its report.

“Collaboration among security researchers, software vendors, and the security community is important to continuously improve defenses for the larger ecosystem.”

As a result of the collaborative effort that successfully fixed the problem, the impacted users can keep using the apps without concern.

Microsoft’s detection of the Android system app vulnerabilities stemmed from general research into pre-installed applications. 

The team says it wanted to “better understand” how mobile device security is impacted by these kind of apps.

Within the mce Systems framework, they detected an element that could have been exploited by attackers to remotely commander control over the device.