Some pre-installed Android apps hoover up data
PRE-INSTALLED ANDROID APPS are usually handy tools or a bit of filler, but some boffins have discovered they can eat into your privacy.
An analysis by the IMDEA Networks Institute, Stony Brooks University, Universidad Carlos II de Madrid, and ICSI found that some hardware vendors are pre-loading their Android devices with apps that suck up user data.
The researchers perused some 1,700 devices from 200 hardware makers, leading to a probe of 82,000 pre-installed apps. From those efforts, they concluded that a lot of smartphones with non-Google pre-installed apps enable third-party access to user data without consent.
It’s one thing downloading a data-harvesting app and agreeing for it to use all your details for marketing purposes, but it’s another thing for such apps to come pre-installed and not make their data harvesting activities clear.
The researcher’s paper noted that this data harvesting could be deliberate or down to some dumb implementation
“”This situation has become a peril to users’ privacy and even security due to an abuse of privilege, such as in the case of pre-installed malware, or as a result of poor software engineering practices that introduce vulnerabilities and dangerous backdoors,” the boffins said.
“In the meantime users are, by and large, unaware of the risks posed by or even the presence of most of the software that comes pre-installed on their Android devices.
“Users are clueless about the many private data-sharing relationships and partnerships that exist between the various companies that have a hand in deciding what comes pre-installed on their phones. Users’ activities, personal data, and habits may be constantly monitored by stakeholders that many users may have never heard of, let alone consented to collect their data.”
This is all pretty damming stuff, and it’s also a tricky one as the supply chain of both software and hardware can be quite convoluted with all manner of deals being made to secure certain apps and services on devices, without anyone to oversee such activity
The researchers said companies could police themselves but such activity wouldn’t be commercially sound for them.
As such, it was suggested that a third party could oversee such what pre-installed apps get up to and ensure they adhered to privacy guidelines; the boffins reckon Google could take on this role given its power in licensing Android, though Google already has enough on its plate when it comes to Android licensing.
“Alternatively, in absence of self-regulation, governments and regulatory bodies could step in and enact regulations that wrest back some of the control from the various actors in the supply chain,” the researchers’ paper advised.
The whole thing highlights the challenges of running a clean supply chain when it comes to both software and hardware, as Asus found out. µ
Source : Inquirer