An academic study carried out by Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), has concluded that Android users are woefully unaware of the huge security and privacy related threats that come from pre-installed apps.
Researchers analysed 82,501 applications that were pre-installed on 1,742 Android smartphones sold by 214 vendors and found many of them collect and send data about users to advertisers, as well as have security flaws that often remain unpatched.
Following the release of these findings, Winston Bond, senior technical director EMEA at Arxan Technologies, has confirmed Android phones have pre-installed apps, many of which put the user at risk of security and privacy threats.
Winston Bond, Senior Technical Director EMEA at Arxan Technologies:
“A major issue identified by these researchers is that these pre-installed apps cannot be removed from users’ devices. I am even aware that my own Android phone has un-installable copies of certain applications.
Companies are pre-installing their applications as system apps which means that they bypass the normal permissions mechanism that gives people an informed choice about sharing their every move, contact and text message. The privacy implications are certainly uncomfortable, but unfortunately that seems to be part of the modern world. Companies like Google get all this data from us too.
From a security perspective, the explanation is simple: every unnecessary, unmaintained app is another potential source of vulnerabilities.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.