Researchers: Android Bloatware a Security Risk
Unwanted pre-installed software on Android devices often poses privacy and security risks according to a new study. That's because the so-called "bloatware" often by-passes Google's vetting process.
One of the key selling points, or big drawbacks - depending on your perspective - of the Android operating system is that phone and tablet makers can customize their own devices, through the user interface and the apps that appear when a new device is first powered on. That's different from systems such as Apple, where both the hardware and software are controlled by the same company.
The study comes from researchers at two universities, namely: Stony Brook in New York and Universidad Carlos III de Madrid. They created an app that scans phones for a complete list of files and asked volunteers to run it.
Most Apps Not Google-Vetted
In total, the study included information from 2,747 people covering 1,742 different models of phone from 214 manufacturers.
According to researchers, both the geographic breakdown of the participants and the proportion of handsets from major manufacturers appeared fairly close to the Android user base as a whole. The researchers discarded results from users who appeared to have rooted their phones, meaning they gained a level of access beyond that which the manufacturer intended.
The app let the researchers distinguish between files and apps the user had installed and those which were on the phone when it was originally shipped. In most cases, they found more than 400,000 files were pre-installed. Of those files, only nine percent were ones that are available through the Google Play store. (Source: sophos.com)
That means the rest were put there by manufacturers and haven't been vetted by Google's own (albeit limited) review process which aims to catch security risks and misleading apps.
Lack of Transparency Attacked
The researchers then looked at what the apps did, along with what permissions they used.
They noted that there were significant problems beyond the common complaints of bloatware, which typically includes apps that unnecessarily use up disk space, memory and other resources. They suggested that "results reveal that a significant part of the pre-installed software exhibit potentially harmful or unwanted behavior."
They also warned of "poor software engineering practices and lack of transparency in the supply chain that unnecessarily increase users' security and privacy risks." (Source: arxiv.org)
The researchers then suggested that manufacturers who use Android should be required to include details on the handset of what files and apps are preinstalled, who made the apps, and what they do.
What's Your Opinion?
Would you like to see such details readily available? Would you prefer more manufacturers to make phones that run "pure" Android without any tweaks or added software? Have you found pre-installed apps on your phone useful or a waste of space?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
bloatware
WHY DOES Google even allow phone makers and phone companies to install such software?
Bloatware
Yes, I'd rather have my phone clean without apps that I don't install myself. But I will ad that Android updates are certainly less of a pain than are W10 updates!