Android vulnerabilities in Samsung, Xiaomi, and Asus phones: a comprehensive guide to risks, solutions, and protection

  • 146 pre-installed vulnerabilities affect Samsung, Xiaomi, Asus, and other devices.
  • Updating your system and apps is key to protecting yourself from attacks and malware.
  • Malware remains an active threat; vigilance and patching are essential for Android.
Angel PitarqueUpdated on

8 minutes

vulnerabilities in pre-installed Android applications

The vulnerabilities in Android devices have once again become the focus of attention after the exhaustive study by the corporate security company cryptowire, which has identified no fewer than 146 serious vulnerabilities in pre-installed applications, affecting devices from up to 27 different manufacturers. This discovery highlights the importance of maintaining security in the Android ecosystem, where renowned brands like Samsung, Xiaomi, and Asus are not exempt from risk.

android security
Related article:
Advanced Android Security Guide: Essential Tips to Protect Your Phone and Personal Data

Android security against vulnerabilities and malware

Why are pre-installed vulnerabilities so dangerous?

The pre-installed applications on Android phones can not only reduce performance or consume battery unnecessarily, but, as this study reveals, they can seriously endanger the user security and privacyThese vulnerabilities affect both high-end and entry-level smartphones, expanding the scope of the problem to millions of users worldwide.

  • Unauthorized users could modify critical system settings without the knowledge or consent of the owner.
  • Installing malicious apps secretly, facilitating the entry of spyware and malware.
  • Possibility to record audio from the device, putting personal and professional privacy at risk.

fingerprint reader and security on Android phones

Manufacturers involved: Samsung, Xiaomi, Asus and more

KryptoWire report puts focus on top-tier global manufacturers such as Samsung, Xiaomi and Asus, in addition to other brands present in the market. Numerous brands were identified vulnerable applications in custom systems that each manufacturer integrates into Android, which considerably expands the risk spectrum for models from different ranges and countries.

Samsung was one of the first to respond to these allegations, asserting that "appropriate protections are already in place" for the targeted apps. However, KryptoWire warns that these protections may not be sufficient, as Android's security architecture allows supply chain apps to access sensitive information without the user's knowledge or express consent.

KryptoWire studies Android vulnerabilities

KryptoWire's Vice President of Product, Tom Karygiannis, questions the current security of Android:

“Samsung applications may be used by users in the third-party supply chain to gain access to information without disclosing it or requiring permissions”.

"The current design of the Android security framework does not prevent that from happening today".

The study also points to other major manufacturers such as Xiaomi and Asus, whose customization layers and native apps may contain vulnerabilities that, if not corrected in time, open the door to sophisticated attacks, data theft, and identity theft.

Check WiFi network security on Android

Specific cases: vulnerabilities in apps and firmware

In the Android ecosystem, the variety of devices and manufacturers complicates security management. Beyond custom operating systems like Xiaomi's MIUI or Samsung's One UI, problems are often found in native applications, configuration services and system utilities:

  • En Samsung, the study highlights that the vulnerability was located especially in com.samsung.android.themecenter in different variants, putting the customization and configuration of Galaxy terminals at risk.
  • En Xiaomi, bugs were detected in apps such as com.miui.powerkeeper, com.huaqin.factory y com.qualcomm.qti.callenhancementIn addition, Microsoft and OverSecured identified 20 additional vulnerabilities across 12 of their own apps, including Gallery, GetApps, MIUI Bluetooth, Settings, Security, Cloud, and others, which could lead to data leaks, remote control, and manipulation of sensitive settings.
  • Asus is also on the list, and while its main recent incidents revolve around routers, the brand's smartphones with customized Android have been the subject of analysis for their management of updates and security patches.

The common denominator is that firmware and security updates are the key tool for closing these gaps. However, Android's inherent fragmentation can mean that some devices may take weeks or months to receive fixes.

WiFi security review on Android phones

New threats: malware, spyware, and critical vulnerabilities

Every month new alerts arise about serious security flaws, such as the recently discovered vulnerability CVE-2024-43093, which affects the Android Framework and allows privilege escalation and unauthorized access to system directories. These types of vulnerabilities are often actively exploited in spyware campaigns, aiming to compromise privacy, passwords, and complete control of affected devices.

  • Critical failures at the hardware and software level They allow remote code execution, facilitating the installation of malware without user interaction.
  • QualPwn malware It exploits weaknesses in Qualcomm chips to infiltrate Samsung, Xiaomi, Asus, LG, Sony and other devices, especially models with popular SoCs such as the 835 and 845, compromising the WiFi network and the modem.
  • Some vulnerabilities can allow attackers to access home Wi-Fi networks and sensitive information, both on mobile devices and routers, if they are not properly updated.

El Android fragmentation problem persists, as the variety of manufacturers and versions means that Google devices (such as the Pixel) receive patches first, while other brands can take months to implement them, leaving millions of users exposed for long periods.

WiFi and Android network security

Strategies and tips to protect yourself from Android vulnerabilities

To protect your Android device In the face of vulnerabilities such as those described, it is essential to follow these recommendations to minimize the risk:

  1. Always update your operating system and apps from official sources. Go to Settings > Software Updates and make sure you have the latest version and security patches.
  2. Manually check for pending updates, since customization layers can often hide the existence of important patches.
  3. Download apps only from official stores like Google Play and avoid alternative sources.
  4. Pay special attention to native apps, which are the most difficult to uninstall and where vulnerabilities have been most frequently detected.
  5. Use cybersecurity and antivirus solutions recommended for Android, such as those endorsed by recognized organizations (ESET, Lookout, Zimperium, among others).

Google has responded to the growing threat of malware on Android by bringing together major players in the industry under the App Defense Alliance, with the goal of stopping malicious apps before they reach users' devices, but there's still a long way to go before the platform can be considered truly secure.

As all experts and official statements from manufacturers like Xiaomi and Samsung emphasize, the key to avoiding risks is keeping your phone up to date. Security updates not only improve performance but also fix bugs that can be exploited by cybercriminals.

  • En XiaomiAfter discovering and reporting 20 vulnerabilities in 12 native apps, the company released specific patches and announced their immediate availability, urging users to manually check for updates in MIUI or HyperOS if they are not automatically notified.
  • Samsung releases monthly security updates for its Galaxy family, especially after detecting critical or high-risk breaches.
  • Asus and other manufacturers also recommend frequently applying new firmware versions and checking their WebGUI control panels for pending updates for routers and other connected devices.

Routercheck: Check the security of your WiFi network

How do you know if your Samsung, Xiaomi, or Asus phone is vulnerable?

The most effective way to know if your device is protected is check the security patch level that appears in Settings > About phone > System information or Security. If it's been several months since the last update or if your model appears on lists of vulnerable devices, you should check the manufacturer's website and force the search for firmware and security updates in your cellphone.

Sometimes, such common functionalities as audio or video recording, WiFi network management or cloud access may be compromised. Hence the importance of keeping firmware and native apps fully updated and regularly reporting any active vulnerabilities.

Check Android vulnerabilities at home

Cybercriminals prefer mobile devices because of the amount of personal, banking, and professional data we handle daily. If an attacker exploits an unpatched breach, they can remotely control the phone, accessing photos, passwords, bank accounts, and other critical information.

With an increasingly connected mobile environment (home automation, wearables, smart routers), the security chain It depends on updating both phones and all connected devices. Reacting quickly to new threats is essential to avoid serious consequences.

Android backups and protection

The evolution of Android threats, especially on devices from leading brands like Samsung, Xiaomi, and Asus, underscores the need for constant vigilance. Users must take an active role in protecting their devices by applying updates, reviewing permissions, and trusting only official sources. The joint effort of manufacturers, developers, and users is key to building a more secure mobile environment for everyone.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*