Hackers use the most ingenious tricks to install malware. Google’s specialists have identified a technique for preinstalling Triada’s hacker applications on smartphones, the task of which is to distribute spam and unauthorized advertising. Malicious applications were installed on Android smartphones at the factory, and consumers received devices with pre-installed hacker software. This opportunity appeared due to the insolvency of manufacturers to provide smartphones with all the necessary functions on their own. Through third-party organizations, the Triada family applications got onto smartphones. Currently, Google has carried out preventive work with all software vendors at smartphone manufacturers. A 2017 Dr.Web study claims that this problem was on smartphones of the Leagoo M5 Plus, Leagoo M8, Nomu S10 and Nomu S20 models. Technically, even large companies find it difficult to create Android firmware without using third-party code. Therefore, Google offers OEM partners the Build Test Suite application, which can scan for malware, such as Triada, to reduce the risk of hacker programs getting onto smartphones. In addition, Google insists on installing Google Play services on Android smartphones, which conduct a preliminary scan for viruses. This argument could be decisive in Google’s disputes over EU antitrust violations.