What's wrong with google?
Strictly speaking, google is not bad at all: to put such a powerful trojan into the pockets of about a couple of billion people - that takes some skill. The intelligence services would be jealous.To illustrate, let's look at google play services, installed on every android since version 4.4.2. (Talking about preinstalled backdoors).
In the BespalePhone it is, of course, cut out, along with the rest of the google family.
To begin with, let's break down the basics:
1. Permissions (android runtime permissions) are the capabilities of the application, i.e. what exactly this apk can do in the system, what it is allowed to do.
2. Our test subject (google play services) has more than 270 permissions (honestly, I never knew that there are so many at all).
So, what can google play services do:
- Get a lot of information about the car (adroid auto / carplay), but that's only half the trouble, because it can also manage the car: windows, tires, mirrors, mileage, doors, driving mode management, seats, speed, lights, battery, climate control - not bad, right?
- Embed in activiti, substitute applications and icons.
- Chimera is a module for controlling any component in the system (from user applications to imei)
- Full SMS control (send, receive, read, write, etc.).
- Full root control of the device (by the way, there is always a root in the system, the question is who has it)
- Access to all the activites (where you can build in).
- Contacts.
- Control of USB.
- Access to all IDs.
- Keyguard disconnection.
- Access to email and voice mail.
- Full network control (on/off, download in background, etc.).
- WiFi passwords access and transmission.
- Audio recording, including Charture Audio Hotword, i.e. continuous beacon word monitoring.
- Location tracking in all views with all privileges (on/off, mode, and even - in the case of aggressive).
- Send payment information!
- Camera.
- Make calls, access to all call history.
- Any operations with permissions, i.e. to give the microphone to someone to whom you have forbidden, for example.
- Lock/unlock the device, bypass passwords.
- Fingerprint/FaceID - full control and management.
- Substitution and deletion of notifications (SMS, calls, messengers, etc.).
- Bluetooth control.
- Key spoofing and password resetting.
And that's all - just google play sevices alone!
In addition to it in each android is about 30-50 more apk from google with a similar set, and somewhere complementing it.
By the way, in any branded phones, such as: samsung/xiaomi/huawei/meizu/oneplus/and almost any brand you can think of - in such phones, in addition to google, in the system sits the manufacturer itself, with the same set of permissions. But unlike google, it is often impossible to cut off the manufacturer: the phone will die/stop booting/basic functionality will stop working.