An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.
Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched.
On top of this, many pre-installed apps (also referred to as bloatware) can’t be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications.
The study is, by far, one of the most complex endeavors of its kind, and included both an analysis of device firmware, app behavior, and the internet traffic the apps generated.
One of the first things that researchers spotted was the incessant use of third-party libraries (or software development kits –SDKs) inside many pre-installed applications.
While using an SDK to simplify the coding of basic tasks is commonplace in the web, desktop, and mobile development community, researchers noted that the most commonly encountered third-party libraries were all advertising and user tracking-related.
The research team said it found 164 different advertising SDKs inside nearly 12,000 apps and an additional 100 different analytics libraries inside almost 7,000 apps.
This suggests that a large chunk of pre-installed apps are tracking users right from the get-go, from the moment they turn on their brand new Android smartphone.
Submitted by: Arnfried Walbrecht