Security News > 2020 > January > Google urged to tame privacy-killing Android bloatware
These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model.
This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts.
The letter references a joint US-Spanish study published last year which uncovered the surprising scale of the bloatware issue - of 140,000 pre-installed apps, only 9% were available on Google's Play Store, for example.
Some vendors are worse than others, and at least one, Samsung, uses its own additional Android apps and capabilities as a positive selling point, creating a platform-within-a-platform.
Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account.
News URL
https://nakedsecurity.sophos.com/2020/01/13/google-urged-to-tame-privacy-killing-android-bloatware/
Related news
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)