The Android Open Source Project (AOSP) is probably the most used and customized operating system for smartphones and IoT devices worldwide. Its market share and high adaptability makes Android an interesting operating system for many developers. Nowadays, we use Android firmware in smartphones, TVs, smartwatches, cars, and other devices by various vendors and manufacturers. The sheer amount of customized Android firmware and devices makes it hard for security analysts to detect potentially harmful applications. Another fact is that many vendors include apps from 3rd party developers. Such bloatware usually has more privileges than standard apps and cannot be removed by the user without rooting the device. In recent years several cases were reported where 3rd party developers could include malicious apps into the Android built chain. Media reports claim that pre-installed malware like Chamois and Triade we able to infect several million devices. Such cases demonstrate the need for better strategies for analyzing Android firmware. In our study, we analyze the Android firmware eco-system in various ways. We collected a dataset with several thousand Android firmware archives and show that several terabytes of firmware data are waiting on the web to be analyzed. We develop a web service called FirmwareDroid for analyzing Android firmware archives and pre-installed apps and create a dataset of firmware samples. Focusing on Android apps, we automated the process of extracting and scanning pre-installed apps with state of the art open-source tools. We demonstrate on real data that pre-installed apps are, in fact, a a threat to Android's users, and we can detect several hundred malware samples using scanners like VirusTotal, AndroGuard, and APKiD. With state of the art tools, we could scan more than 900000 apps during our research and give unique insights into Android custom ROMs.

翻译：Android Open Source Project (AOSP) 可能是全世界智能手机和 IOT 设备使用量和定制操作系统中最常用和定制的 Guroid 开放源码项目( AOSP ) 。 它的市场份额和高适应性使Android成为许多开发商有趣的操作系统。 现在, 我们使用智能手机、 电视、 智能观察、 汽车和其他设备来使用Android 固态软件。 大量定制的Android 固态软件和装置使得安全分析员很难发现潜在有害的应用程序。 另一个事实是, 许多供应商包括3rd党的应用程序。 这种液态软件通常比标准应用程序有更大的特权, 并且不能被用户在不扎根的服务器上移除。 近些年来, 3rd 政党的开发者可以把恶意的应用程序纳入Android milalderform 系统。 这些案例可以证明, 我们用多种方式分析Androdrod rod efroal e-doal oward ows 系统。