bleepingcomputer[.]com/news/security/popular-android-based-photo-frames-download-malware-on-boot/
Mobile security company Quokka investigated the Uhale app that's used by a Lot of these picture frames, though for instance you may have to read their descriptions on the product page at Amazon [or whatever retailer] before you see the word Uhale, and then it depends on if the seller bothers to mention it.
Starting with the most alarming findings, many of the analyzed Uhale photo frames download malicious payloads from China-based servers at boot.“Upon booting, many investigated frames check for and update to the Uhale app version 4.2.0,” Quokka researchers say in the report.
“The device then installs this new version and reboots. After the reboot, the updated Uhale app initiates the download and execution of malware.”
The downloaded JAR/DEX file that is saved under the Uhale app’s file directory is loaded and executed at every subsequent boot.
The devices that Quokka examined had the SELinux security module disabled, came rooted by default, and many system components were signed with AOSP test-keys.
Since most of these products are marketed and sold under various brands without mentioning the platform they use, it is difficult to estimate the exact number of potentially impacted users.The Uhale app has more than 500,000 downloads on Google Play and 11,000 user reviews in the App Store. Uhale-branded photo frames on Amazon have nearly a thousand user reviews.