Google Reveals Security Backdoor Installed on Android Devices

Last June 6, 2019, Wednesday, Google revealed that some Android devices came with preinstalled advanced security backdoor. Following this, the company acknowledges that Android phones targeted malware phones in the attack.

According to The Verge, hackers successfully installed malware on mobile phones prior to customer use via third-party suppliers.

Background and Brief History

In a report released by Google, the California-based company details its dealings with the Triada family. The post comes from Lukasz Siewierski from the Android Security & privacy Team.

Based on the accounts of Siewierski, the Triada application gears itself towards installing spam applications and advertisements on mobile devices. The installed malware directly impacts installed applications.


Ars Technica states that the Triada incident first came about in 2016. Kaspersky dubbed the malware as one of the most advanced Trojans created.

A senior security researcher at Zimperium, Mike Cramp, concurred about Triada’s strength and advancement in the field. Cramp acknowledges “it uses C&C and other techniques that we usually see more in the malicious malware side of things.”

However, in 2017, Ars Technica notes that the newly released version failed to come with rooting capabilities.

Google Reveals Security Backdoor Installed on Android Devices

Lies and Deceit

To install malware, hackers disguised themselves as software vendors. By working with a software supplier, original equipment manufacturers (OEMs) can improve their system. Veering away from the Android Open Source Project, OEMs could enhance features by working with a third-party service provider.


PC Mag notes that hackers took advantage of the situation and installed the malware in the gadgets.

Forbes cites that hacker could most likely be Chinese. Often, these hackers go by the names Yehuo or Blazefire. Meanwhile, NDTV reveals that some of the phone models affected by the malware include Leagoo M5 Plus. Other lower-end devices include the Leagoo M8, Nomu S10, and Nomu S20.

In addition to these models, Germany also released a warning for its mobile users, with more than 20,000 affected. Other affected models such as the Doogee BL7000, the Keecoo P11, and the M Horse Pure 1, state PC Mag. However, authorities are unclear on the connection of this malware and the Triada.

NDTV reports that the latest smartphones remain in the clear.

Immediate Action and Repair

To protect against further damages and escalations, Google used detection and implementation via its Google Play Protect. “Implementation… and the increased security on newer Android devices made it significantly harder for Triada to infect devices,” state Siewierski.