Security News > 2020 > January > Google urged to tame privacy-killing Android bloatware
These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model.
This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts.
The letter references a joint US-Spanish study published last year which uncovered the surprising scale of the bloatware issue - of 140,000 pre-installed apps, only 9% were available on Google's Play Store, for example.
Some vendors are worse than others, and at least one, Samsung, uses its own additional Android apps and capabilities as a positive selling point, creating a platform-within-a-platform.
Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account.
News URL
https://nakedsecurity.sophos.com/2020/01/13/google-urged-to-tame-privacy-killing-android-bloatware/
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Google on scaling differential privacy across nearly three billion devices (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)