Researchers: Android Bloatware a Security Risk

John Lister's picture

Unwanted pre-installed software on Android devices often poses privacy and security risks according to a new study. That's because the so-called "bloatware" often by-passes Google's vetting process.

One of the key selling points, or big drawbacks - depending on your perspective - of the Android operating system is that phone and tablet makers can customize their own devices, through the user interface and the apps that appear when a new device is first powered on. That's different from systems such as Apple, where both the hardware and software are controlled by the same company.

The study comes from researchers at two universities, namely: Stony Brook in New York and Universidad Carlos III de Madrid. They created an app that scans phones for a complete list of files and asked volunteers to run it.

Most Apps Not Google-Vetted

In total, the study included information from 2,747 people covering 1,742 different models of phone from 214 manufacturers.

According to researchers, both the geographic breakdown of the participants and the proportion of handsets from major manufacturers appeared fairly close to the Android user base as a whole. The researchers discarded results from users who appeared to have rooted their phones, meaning they gained a level of access beyond that which the manufacturer intended.

The app let the researchers distinguish between files and apps the user had installed and those which were on the phone when it was originally shipped. In most cases, they found more than 400,000 files were pre-installed. Of those files, only nine percent were ones that are available through the Google Play store. (Source: sophos.com)

That means the rest were put there by manufacturers and haven't been vetted by Google's own (albeit limited) review process which aims to catch security risks and misleading apps.

Lack of Transparency Attacked

The researchers then looked at what the apps did, along with what permissions they used.

They noted that there were significant problems beyond the common complaints of bloatware, which typically includes apps that unnecessarily use up disk space, memory and other resources. They suggested that "results reveal that a significant part of the pre-installed software exhibit potentially harmful or unwanted behavior."

They also warned of "poor software engineering practices and lack of transparency in the supply chain that unnecessarily increase users' security and privacy risks." (Source: arxiv.org)

The researchers then suggested that manufacturers who use Android should be required to include details on the handset of what files and apps are preinstalled, who made the apps, and what they do.

What's Your Opinion?

Would you like to see such details readily available? Would you prefer more manufacturers to make phones that run "pure" Android without any tweaks or added software? Have you found pre-installed apps on your phone useful or a waste of space?

Rate this article: 
Average: 5 (6 votes)

Comments

bobf0648's picture

WHY DOES Google even allow phone makers and phone companies to install such software?

glen's picture

Yes, I'd rather have my phone clean without apps that I don't install myself. But I will ad that Android updates are certainly less of a pain than are W10 updates!