There’s nothing wrong with the premise of the U.S. Government’s Lifeline Assistance program. It allows those with substantially low incomes—135 per cent or less than the U.S. Federal Poverty Guidelines, or less than $24,000 for a single-person household—to receive discounted or free phones and wireless services. However, when one of the phones being offered comes with malware preinstalled, that’s a big problem.
At least, that’s the assertion from MalwareBytes, which noticed some issues with apps preinstalled on the one such phone, the Unimax U686CL sold by Virgin Mobile’s Assurance Wireless. And here’s what it found:
“The first questionable app found on the UMX U686CL poses as an updater named Wireless Update. Yes, it is capable of updating the mobile device. In fact, it’s the only way to update the mobile device’s operating system (OS). Conversely, it is also capable of auto-installing apps without user consent.
Thus, we detect this app as Android/PUP.Riskware.Autoins.Fota.fbcvd, a detection name that should sound familiar to Malwarebytes for Android customers. That’s because the app is actually a variant of Adups, a China-based company caught collecting user data, creating backdoors for mobile devices and, yes, developing auto-installers.”
And that’s not all. A second app found on the smartphone—its own Settings app, no less—was actually a trojan dropper that MalwareBytes classifies as “Android/Trojan.Dropper.Agent.UMX.” Once it loads, it drops a second piece of malware on users’ phones (the third in total, if we’re counting) that will then fill your device full of annoying advertising. Fun.
In a statement, Assurance Wireless told ZDNet that they are “aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware.”
There’s an easy fix for this, right?
Here’s the worst news: There’s nothing you can really do about these preinstalled problems in this case. You could theoretically get rid of the Wireless Updates app, but then your device won’t receive any updates, and that’s a security (and features) problem in itself. Remove Settings, and even I’m not sure what would happen to your phone. I suspect it would become inoperable.
If you come across a similar problem, Malwarebytes does offer some Frankenstein-like solutions, whereby you attempt to uninstall the offending app and replace it with a clean, identical version of the same app. It’s a lot of work with no guarantee of success; so much so, that even Malwarebytes concedes that your best route to deal with preinstalled malware on your smartphone is to simply avoid smartphones with these issues.
That’s easier said than done, though. If you’ve been using a UMX U686CL, you’re already infected. It’s unclear what, if any, additional malware applications have been loaded onto your device, but I would strongly urge you to upload your critical data somewhere else—either to a connected computer or the cloud—and factory-reset your phone. After that, return it to wherever you purchased it. If that’s not possible, recycle it and buy something else.
If you buy another budget smartphone...
Should you get another budget phone? You certainly can; however, Malwarebytes notes that it has seen more budget android devices arrive with preinstalled malware lately. It only takes a quick search or two to find many more reports of this practice.
If you opt for another, you should install Malwarebytes’ Android app and see if it finds anything—don’t spring for the premium package, which is unnecessary if you’re trying to root out preinstalled problems. Otherwise, I recommend setting a Google alert for your smartphone’s model (like “UMX U686CL”), so you can get a quick notification if, or when, someone else discovers a problem on your device.
And, as always, if you notice something suspicious on your phone—weirdly named apps that weren’t there before, new advertisements appearing out of nowhere, things like that—odds are good you have a malware problem on your hands. You might want to do some additional investigating, resist the urge to give your device more personal data (like your credit card information), and possibly start shopping for another smartphone.