Posted in Shoddy Security

Android ecosystem of pre-installed apps is a privacy and security mess

We’re shocked, shocked, shocked to… oh wait, actually, no, we’re not shocked at all by this:

An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.

Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched.

On top of this, many pre-installed apps (also referred to as bloatware) can’t be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications.

The study is, by far, one of the most complex endeavors of its kind, and included both an analysis of device firmware, app behavior, and the internet traffic the apps generated.

Android has been repeatedly shown to be a security nightmare. What’s particularly ironic and absurd is that many Android device manufacturers lock the bootloader to prevent rooting, which stops savvy users from getting rid of the bloatware and keeping their devices current.

And thanks to the demise of Windows Phone and BB10 (the latter of which heavily emphasized security), the only practical alternative is iOS. While iOS is superior to Android, it’s a shame that there’s no other game in town anymore. We appear to be stuck with a duopoly for the foreseeable future.