Limited control over privacy breaches by pre-installed Android apps

Shown by an independent study led by an academic group in Spain

Reuters March 25, 2019
A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016. PHOTO: REUTERS

MADRID/SAN FRANCISCO: An independent study led by an academic group in Spain has shown that what personal information can be collected by pre-installed programs on new Android mobile devices is expansive and faces little oversight.

The investigation by the public Universidad Carlos III de Madrid, IMDEA Networks Institute and Stony Brook University looked at apps pre-installed on Android devices from 2,748 users, spanning 1,742 unique devices from 214 vendors across 130 countries.

Google to charge Android device makers up to ‘$40 per device’

The study did not look at whether the EU’s General Data Protection Regulation laws would bring greater oversight to pre-installed apps on Android devices.

Though Alphabet’s Google owns Android, its open-source nature enables device makers to customise the operating system and package other apps with the operating system before delivering them to users.

The study found the setup posed a potential threat to users’ privacy and security because the pre-installed apps request access to data that similar apps distributed through Google’s Play app store cannot reach.

Pre-installed apps often cannot be uninstalled, and Google may not be performing as rigorous security checks of them as it does for app store versions, the researchers found.

“There is a lack of regulation and transparency and no one seems to be monitoring what these stakeholders and apps do,” said co-author of the study Juan Tapiador.

Google said it provides tools to equipment manufacturers which helps them make sure their software does not violate Google’s privacy and security standards.

“We also provide our partners with clear policies regarding the safety of pre-installed apps, and regularly give them information about potentially dangerous pre-loads we’ve identified,” a Google spokesperson said.

Pre-installed apps recently have drawn increased scrutiny. A US Department of Justice criminal probe into Facebook, which worked with hardware makers to ensure its app would be on users’ devices, is examining those partnerships, the New York Times reported last week.

Google shuts down Google+ after mass data leak

The authors of the study noted their paper did not focus on any software developers in particular but was a rather a study in the lack of regulation and transparency that surrounded pre-installed apps found on new devices.

Facebook, which has said it is cooperating with multiple government investigations into its handling of users’ private data, said partnering with mobile operators and device manufacturers on pre-installations immediately give users the best experience on its social network.


Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ