Xuxian Jiang, an assistant professor of computer science at North Caroline State, said some pre-loaded applications are built on top of the existing Android architecture in such a way as to create potential backdoors that can be used to give third-parties direct access to personal information or other phone features.
Jiang said HTC's Legend, EVO 4G and Wildfire S, Motorola's Droid X and Samsung's Epic 4G all had significant vulnerabilities.
The researchers, however, said they notified manufacturers of the vulnerabilities as soon as they were discovered.
"If you have one of these phones, your best bet to protect yourself moving forward is to make sure you accept security updates from your vendor," Jiang said Wednesday in a release. "And avoid installing any apps that you don't trust completely."
The research, supported by the National Science Foundation and the U.S. Army Research Office, is scheduled to be presented in February at a conference in San Diego.