Android smartphone devices produced by the world’s most prominent manufacturers, including Huawei, Samsung and Xiaomi, are being openly shipped and sold with radically different levels of on-board security in different countries, according to researchers at Finland’s F-Secure.

Android devices usually arrive preloaded with a number of apps (and sometimes other customisations) added by the manufacturer and, often, the carrier too. Like all apps, these can suffer from vulnerabilities and thereby expose the user to security and privacy risks. What makes these apps special is that the user may not be able to remove them, and, in some cases, they have additional privileges not available to user-installed apps.
While geographic customisation may be necessary in some cases, such as providing access to an app store in regions where Google Play is not available, manufacturers have a responsibility to protect their users by employing sound security practices in developing apps, providing timely updates when vulnerabilities are found, and carefully vetting (and, where possible, minimising) third-party apps shipped with their devices. Users should ensure they always apply the most recent updates to their devices to ensure they’re protected from known, patched vulnerabilities.