For those who are unfamiliar with what has been going on, earlier this year, there was a Trojan malware called Triada that was discovered on a bunch of budget Android handsets. This confirmation by Google basically acknowledges that some Android handsets were indeed compromised by this malware as part of a supply chain attack.
This means that right out of the door, these Android handsets were compromised well before they reached the hands of their customers, where with every subsequent use of the phone and its apps, it could have allowed hackers access to the phone’s contents and data and would also allow hackers to remotely execute code on the device.
Google has since confirmed that they have worked with the OEMs of these devices and through OTA updates, have removed the infections and closed the backdoor. However, exactly how much damage might have been done as a result of the malware is unclear.