We’ve always suspected that pre-installed apps weren’t up to much good, but there’s hasn’t been enough evidence to support this. But now a new study has emerged to show just how damaging some pre-installed apps can be.
A group of researchers from four institutions have published a detailed report titled “An Analysis of Pre-installed Android Software.”The research analyzed over 82,000 pre-installed apps available on over 1,700 devices from 214 manufacturers.
According to the study, many of these apps constitute severe threats to user privacy and even security.
Not a good look for Android users to bash iOS due to the FaceTime issue right now considering the various reports of security issues on Android phones from shoddy preinstalled apps and certain phones not getting regular security updates.
— Brad Davis (@Bgamer90) January 29, 2019
Tired of these #TechWars.
For one, the study suggests that the current Android open source model lacks transparency and supports harmful behavior such as accessing user data without permission.
Many pre-installed apps carry digital certificates that makes it hard to identify which company created them. Some even use “debug” certificates, which is only used for development purposes, not production. When a debug certificate is put an app, other apps can access its sensitive data without requesting permission.
The research found 42 pre-installed apps from 21 manufacturers using this certificate. However it did not mention the names of the apps or smartphone brands.
Importantly too, hundreds of pre-installed apps were spotted using third party tools for analytics and advertising purposes. For instance over 806 apps used Facebook’s third party tools. Since these apps come preload in phones, this is a shady act.
And it suggests a kind of agreement between phone manufacturers and big companies like Facebook. It also explains how Facebook’s algorithm continues to get better and better at understanding user behavior.
The research also shows that many pre-installed apps are rarely updated. But worse, many such apps do not exist on the app stores and this makes it harder for users to do updates themselves. Around 74% of non-public apps do not get updated. And despite the existence of different vulnerabilities, flaws in these apps could go unpatched for up to five years.
App stores have several rules that could regulate pre-installed apps and make them more secure. But the report reveals that just 9% of pre-installed apps exist on the Google App Store. Thus, since most of them are absent from the app store, the rules won’t apply to them and they can pretty much do what they want.
Samsung only ship the stub version of Facebook on their phones. It’s basically a non-functional empty shell, acts as the placeholder for when the phone receives the “real” Facebook app as app updates https://t.co/KHdkF9fFyK
— Jane Manchun Wong (@wongmjane) January 8, 2019
Yet what’s more damning is that most pre-installed apps cannot be removed. At best they can be disabled, but they can’t be completely removed.
This is one huge problem that raises questions about the entire Android system. And overall, these issues explain why governments like the European Union have cracked down on Google and its unfair data practices.
Nigeria needs to do the same now. Smartphones like Tecno, Infinix, Itel and Samsung are all guilty of hosting predator preinstalled apps by data gathering companies.
The researchers recommend that giving users a choice and allowing them to remove these apps is one way to address the issue. But no company will do this willingly.
