"The G DATA security experts are certain that the manufacturers are not the perpetrators in the majority of cases. Renowned companies will not risk their reputation by distributing malware in the firmware."
Manufacturers have no qualms about installing bloatware and even spyware onto laptops. It would be interesting to know what standards, if any, are used to sift out the malware from potential bloatware candidates.
While SuperFish was a security risk, it wasn't "malware"; there is a difference between various really stupid and blatant backdoors and other security risks, and actual malware.
Lenovo didn't use it to steal users' data; they could care less about it. But someone could abuse it to compromise users, both through compromising SuperFish itself and by exploiting the fact that SuperFish will issue certificates to SSL websites even if the original certificate isn't really valid, which will allow attackers to MITM SSL connections.
Sony also had distributed software that could be classified as backdoors or rootkits in its CDs as DRM; many other companies also had similar incidents.
While it's a stupid practice and quite unfair to your customers, you can't really call it malicious, since they didn't really use it for that; they just never thought it quite through or didn't care enough in the first place.
The packages in this case seem to be actual malware and not some adware/unwanted software installed by the vendors which, while it might be a security risk, wasn't intended to actually compromise the user.
This is a mostly false report, because at least Xiaomi doesn't have any Facebook app pre-installed. Just a bunch of MIUI crapware.
Affected models are Huawei G510, Lenovo S860, Xiaomi MI3 (and 18 other ignored models not mentioned in the title), which date back to as early as 2012, in the Android 4.0 age I assume. Pretty good Craigslist deal to get their second-hand phones tested for a 2015 security report. Hey, their "security expert" might even have done a double wipe and factory reset in recovery!
Different phones, different regions, different vendors.
Could just as easily be a supply chain issue where a reseller decided to make some money on the side, could be censorship-related crap mandated by the Chinese government for local usage leaking into export phones, could be someone on Craigslist, could be completely fabricated.
However the fact that some phones didn't come with it doesn't mean much either.
Seems that the original code name for the Facebook app was Katana, so using katama instead is akin to registering www.worldofworcraft.com for your phishing domain.
So while this whitepaper might be overblown and pure marketing it seems that there's some truth behind this.