From news.sophos.com
Inexpensive mobile phones may be subject to “supply chain compromise,” with Trojaned third party apps. We look at a phone that shipped with factory-installed malware
These days, when it comes to buying a new Android phone, users have a huge number of choices suitable for nearly any budget. But some inexpensive, off-brand phones may not offer the same level of quality control that customers of better-known manufacturers have come to expect. In some cases, you might even end up with a phone that ships, brand new from the factory, pre-installed with a potentially unwanted app (PUA) or even malware — a situation known as a supply chain compromise.
Read more here