The Enemy Within
You are aware of security threats like virus, malware etc… these threats are almost always handled by Google’s security framework. But I am going to talk about a different kind of security threats that you should be aware of; below I am going to explain certain kinds of attack on users privacy and data.
OEM pre installed apps
Most of the time the attack is not from outside but from inside, OEMs pre include many apps and services (some of them are hidden) that can silently steal data/personal information from your device. Many of the applications and services pre included in the device also make the system vulnerable, as bugs this kind of apps can be exploited to get system privilege to malware. Our aim is to make the user aware of this type of stealth attacks put inside your devices.
OEM Partner/ 3rd party Apps
OEMs make money by including 3rd party / network operator apps in the device, but the user has no idea what all permissions it uses and what all security issues are involved. These apps are not in the play store so it is very difficult to get feedback from other users e.g see this link Pre installed malware
System signed apps available in play store
OEMs can system sign an app and the app can be distributed through play store. This kind of apps can get system permission without any user acceptance. The screenshot below shows that teamviewer app installed from play store has got system permissions .You can see this application has got inject_events system permission and with this permission application can do many dangerous things like sending messages and making calls and also steal personal data. (We are not saying that team viewer app does this, but just showing you the potential problem with system signed apps in the playstore.)
Once these permissions are identified you can go to android settings to disable them.
Many of the apps are termed as bloatware by the community and you can safely disable them using package disabler pro app