A study by the Universidad Carlos III de Madrid, IMDEA Networks Institute and Stony Brook University has revealed that many of the preinstalled apps on the Android phones come with a big number of security and privacy-related threats.
The study by the Spanish University looked at preinstalled apps on Android devices from 2,748 users from 214 vendors across 130 countries. Many of these apps cannot be removed and secretly collect data that other apps are not privy to. These apps apparently have access to very intrusive permissions and collect and send user data to the advertisers. The study also claims that these apps come with security flaws that often remain un-patched.
A major find in the study was pertaining to the special permissions that these apps seem to possess.While the standard permissions are controlled by the user, the researchers found personalized permissions by different actors in the manufacture and distribution of devices. What this means is, these permissions can work around the non-transparent background of the Android. Thus, these apps are capable of accessing a user’s data without requiring their consent.
The study warns “Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own.” To help regulate these loopholes they have suggested the use of certificates signed by globally-trusted certification authorities.
The study concluded by saying that this was just an exploratory investigation into a much bigger problem and encouraged more critical examination of the Android Software ecosystem to know the extent of the impact of pre-installed apps on user privacy and security.