Security News > 2020 > January > Google urged to tame privacy-killing Android bloatware
These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model.
This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts.
The letter references a joint US-Spanish study published last year which uncovered the surprising scale of the bloatware issue - of 140,000 pre-installed apps, only 9% were available on Google's Play Store, for example.
Some vendors are worse than others, and at least one, Samsung, uses its own additional Android apps and capabilities as a positive selling point, creating a platform-within-a-platform.
Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account.
News URL
https://nakedsecurity.sophos.com/2020/01/13/google-urged-to-tame-privacy-killing-android-bloatware/
Related news
- Google patches exploited Android zero-day on Pixel devices (source)
- Google's Privacy Sandbox more like a privacy mirage, campaigners claim (source)
- Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit (source)
- Proton launches free, privacy-focused Google Docs alternative (source)
- Android spyware 'Mandrake' hidden in apps on Google Play since 2022 (source)