Another threat factor to consider from a mobile device perspective is that of the manufacturer. Recently the United States Government has become increasingly concerned over telecom and networking equipment that is supplied by Chinese companies. A congressional report was ordered over two large Chinese Telecom companies, Huawei and ZTE, and the relationship they have with the Chinese Government. These two companies provide a number of low cost, entry level Android and Windows phones. There is concern that mobile devices made by these companies could be vulnerable or have backdoors built into them that could allow the Chinese government access to the data stored on the devices [1].
Two mobile devices made by ZTE, one of the companies listed in the congressional report, were found to have backdoors built into their devices. The backdoor was a hardcoded password that allowed for instant root access to the phone. The password for this was freely available on many websites. This could not only have been used maliciously by the manufacturer but applications could use that to assume control of the phone. This was brought to light before the congressional report was published about Huawei and ZTE [2].
HTC, a Taiwanese company that makes a number of smartphones, recently settled a case with the Federal Trade Commission over HTC’s implementation of software they loaded on their Android devices. The way the applications were setup circumvented some of the security models native to Android and could allow for easy exploitation by malicious parties [3].