There are a number of very interesting things about this article from Ars Technica on the malware found pre-installed on a substantial list of smartphones:
A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices.
An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren’t part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.
“This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it,” Check Point Mobile Threat Researcher Daniel Padon told Ars. “This should be a concern for all mobile users.”
Among the brands affected were Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus, and Nexus. What I found particularly interesting is the number of countries in which these phones are, at least in theory, manufactured which includes at least Vietnam, China, South Korea, and the United States.
I don’t believe it. I think that somebody is fibbing. It’s pretty tough tracing the supply chains for all of these smartphones but I wouldn’t be a bit surprised if the ROMs for all of those phones were burned in the same factory and that factory is in all likelihood located either in China or Vietnam.
Last stage assembly is not “manufacturing a smartphone”. If Google is going to claim that their smartphones are made in the U. S. of A. they darned well should be made in the U. S. of A.