Hidden Backdoors Discovered in Numerous Android Devices: A Deep Dive

thousands of android devices come with a hidden backdoor wrp3.1920

In recent times, the security of Android devices has come under scrutiny as thousands of these devices have been found to contain hidden backdoors. These backdoors not only compromise the security of the device but also pose a significant threat to user data and privacy.

Key Highlights:

  • Thousands of Android TV devices found with pre-installed backdoors.
  • Cybersecurity firm Human Security reveals the extent of the issue.
  • Devices found in homes, businesses, and schools across the US.
  • Advertising fraud linked to the scheme discovered.
  • At least 39 Android and iOS apps involved in a related ad fraud operation.

The Unsettling Discovery:

When consumers purchase a TV streaming box, they expect it to serve its primary function without any hidden surprises. However, for many who bought cheap Android TV devices, the reality was quite different. In January, security researcher Daniel Milisic discovered that an Android TV streaming box, the T95, came with malware right from the factory. This discovery was just the beginning of a much larger issue.

The Extent of the Problem:

Human Security, a cybersecurity firm, delved deeper into the matter and found that the problem was more widespread than initially thought. Their research revealed that seven different Android TV boxes and one tablet had these backdoors pre-installed. Alarmingly, they also identified signs that up to 200 different models of Android devices might be affected. These compromised devices have found their way into homes, businesses, and even schools across the US.

The Web of Fraud:

The backdoors in these devices weren’t just a security risk; they were part of a larger web of fraud schemes. Human Security identified two main areas of concern. The first, termed “Badbox,” relates to the compromised Android devices and their involvement in various fraudulent activities. The second, dubbed “Peachpit,” is an ad fraud operation that involves at least 39 Android and iOS apps. This operation was so extensive that Google had to remove the implicated apps following Human Security’s findings. Apple also took action by addressing issues in several reported apps.

A Deeper Look into Badbox:

Cheap Android streaming boxes, often priced below $50, are readily available online and in physical stores. These boxes often lack branding, making it challenging to trace their origins. In the latter half of 2022, Human Security’s researchers identified an Android app connected to suspicious traffic linked to the domain flyermobi.com. This domain was also highlighted in Milisic’s initial findings about the T95 Android box. Further investigations confirmed the presence of backdoors in eight devices, including seven TV boxes and one tablet. Shockingly, at least 74,000 Android devices worldwide showed signs of a “Badbox” infection, with some even being used in US school.


The discovery of hidden backdoors in thousands of Android devices has sent shockwaves through the tech community. While the immediate concern is the compromised security of these devices, the larger issue is the interconnected web of fraud schemes linked to them. As consumers, it’s crucial to stay informed and exercise caution when purchasing devices, especially from unknown or untrusted sources. The tech industry and cybersecurity experts must also remain vigilant to prevent such widespread security breaches in the future.

About the author


Joshua Bartholomew

A casual guy with no definite plans for the day, he enjoys life to the fullest. A tech geek and coder, he also likes to hack apart hardware. He has a big passion for Linux, open source, gaming and blogging. He believes that the world is an awesome place and we're here to enjoy it! He's currently the youngest member of the team. You can contact him at joshua@pc-tablet.com.