5

When I connect most Android phones to a Windows 7 computer via USB, Windows will install the appropriate drivers for the device.

My (possibly incorrect) understanding is that those drivers come with Windows or, if needed, are downloaded from Microsoft servers. Since the drivers are provided by Microsoft, they have approximately the same trust level as anything else that comes through official Microsoft channels.

When I plug in a ZTE Android phone to a Windows computer, however, I get a unique menu on the phone. Three of the options are expected:

  1. Charge only
  2. Media device (MTP)
  3. Camera (PTP)

The fourth option is not expected:

  4. Install driver: Select this option when features (Connect to PC software, Media device) enabled for the first time, or when they're unavailable.

Is option #4 transmitting a driver contained on the phone to Windows? Or is it just signaling Windows to find its own driver from Microsoft?

If the Windows driver comes directly from the phone, that would present a significant security issue.

  • My Sony phone had the same kind of option, which would make the phone appear as a USB mass storage device containing a setup.exe to install the drivers and the Sony software. I don't know if ZTE does the same thing. – user2313067 Dec 20 '16 at 05:11
  • @user2313067 Interesting. Thank you. If it is the same, that would mean the drivers are strictly from the phone's manufacturer, and - most likely - not from, or inspected by, Microsoft. – RockPaperLz- Mask it or Casket Dec 20 '16 at 05:20

2 Answers

4

The drivers are from the phone's manufacturers, e.g., if you have a Samsung phone, Samsung phone drivers will be installed on the computer. Microsoft has nothing to do with the phone drivers. As for the trust level, it really depends how much you trust your phone's manufacturer. If you are comfortable enough to send text messages or calls or emails etc. using the phone, then you shouldn't worry about the drivers.

stackman
1

The drivers are produced by the phone manufacturer under his responsibility. The option allows installing the driver either directly from a special location on the phone - that the user normally cannot overwrite for security reasons - or from a manufacturer's server.

The risk of a driver containing malware is reasonably low - if you cannot trust a phone manufacturer, you should not buy the phone in the first place. So I do not agree with you, there is no significant security issue here.

That being said, unwanted interactions are always possible, depending on other drivers or software already present. It will certainly not be intentional but problems can occur...

Serge Ballesta
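
A check that can be run on the Windows side for the situation discussed above, as an added example that is not part of the original question or answers: it reports who signed the installer the phone exposes and which driver packages are bound to the device. The drive letter, the `setup.exe` name (taken from the Sony comment) and the `ZTE` provider pattern are assumptions to adjust.

```powershell
# Added example. Drive letter, file name and provider pattern are assumptions.
param(
    [string]$InstallerPath   = 'E:\setup.exe',  # assumed: volume the phone mounts
    [string]$ProviderPattern = 'ZTE'            # assumed: substring of provider name
)

# 1. Before running the installer the phone exposes, read its Authenticode
#    signature: status (Valid, NotSigned, HashMismatch, ...) and signer subject.
if (Test-Path $InstallerPath) {
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no signature)' }
    "{0}: status={1}; signer={2}" -f $InstallerPath, $sig.Status, $subject
} else {
    "Installer not found at $InstallerPath; skipping signature check."
}

# 2. After the device is installed, list the driver packages bound to it.
#    In-box packages keep their own INF name; packages added later (by Windows
#    Update or by a vendor installer) are staged in the driver store as oem<N>.inf.
Get-WmiObject -Class Win32_PnPSignedDriver |
    Where-Object { $_.DriverProviderName -match $ProviderPattern -or
                   $_.Manufacturer -match $ProviderPattern } |
    ForEach-Object {
        $origin = if ($_.InfName -like 'oem*.inf') { 'added later (update or installer)' } else { 'in-box' }
        New-Object PSObject -Property @{
            Device   = $_.DeviceName
            Provider = $_.DriverProviderName
            Version  = $_.DriverVersion
            Inf      = $_.InfName
            Origin   = $origin
            IsSigned = $_.IsSigned
            Signer   = $_.Signer
        }
    } |
    Format-List Device, Provider, Version, Inf, Origin, IsSigned, Signer
```

The `Provider` and `Signer` columns show who authored and who signed each package, which is the distinction the question asks about.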