Preinstalled Android apps are harvesting and sharing your data
When you buy a brand-new smartphone, there’s that precious moment just after you take it out of the box when it is shiny and clean, unsullied by dirty software that could endanger your data. Or so you thought. New research reveals that the bloatware preinstalled on many new Android phones could do far more than simply chew up your storage.
Many Android phones ship with software that has been pre-installed by the smartphone vendor. Researchers at IMDEA Networks Institute, Universidad Carlos III de Madrid, Stony Brook University, and ICSI scanned the firmware of more than 2,700 consenting Android users around the world, creating a dataset of 82,501 pre-installed Android apps.
Many of these apps spied on their users, according to the research paper, accessing highly personal information. The researchers said:
“According to our flow analysis, these results give the impression that personal data collection and dissemination (regardless of the purpose or consent) is not only pervasive but also comes pre-installed.”
What data are these apps collecting?
Not only did preinstalled applications harvest geolocation information, personal email, phone call metadata and contacts, but some of them even monitored which applications users installed and opened. In many cases, personal information was funneled straight back to advertising companies.
Many of these preinstalled apps gather and communicate information using custom permissions, granted by the smartphone vendor or mobile network operator, which enable them to perform actions that regular applications cannot.
Examples included preinstalled Facebook packages, some of which were unavailable on the regular Google Play store. These automatically downloaded other Facebook software such as Instagram, the researchers said. They also found Chinese applications exposing Baidu’s geolocation information, which could be used to locate users without their permission.
The researchers’ analysis suggests that many of these apps may be using custom permissions like these to harvest and exchange information as part of pre-defined data exchange agreements between companies:
“These actors have privileged access to system resources through their presence in pre-installed apps and embedded third-party libraries. Potential partnerships and deals – made behind closed doors between stakeholders – may have made user data a commodity before users purchase their devices or decide to install software of their own.”
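To audit the custom permissions described above, a defender can cross-reference the manifests of the preinstalled packages to see which package defines each custom permission and which other packages request it. The following Python code is an added example, not code from the research paper: the manifests, package names and permission names are constructed, and treating every permission outside android.permission.* as custom is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PLATFORM_PREFIX = "android.permission."  # simplification: everything else counts as custom

# Constructed sample manifests (decoded text); all package and permission names are made up.
MANIFESTS = [
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
                 package="com.example.vendor.usage">
         <permission android:name="com.example.vendor.permission.READ_APP_USAGE"
                     android:protectionLevel="signature|privileged"/>
         <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
       </manifest>""",
    """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
                 package="com.example.adpartner">
         <uses-permission android:name="com.example.vendor.permission.READ_APP_USAGE"/>
         <uses-permission android:name="com.example.carrier.permission.SUBSCRIBER_INFO"/>
       </manifest>""",
]

def parse_manifest(xml_text):
    """Return (package, {declared permission: protectionLevel}, {requested permissions})."""
    root = ET.fromstring(xml_text)
    declared = {p.get(ANDROID_NS + "name"): p.get(ANDROID_NS + "protectionLevel", "normal")
                for p in root.iter("permission")}
    requested = {u.get(ANDROID_NS + "name") for u in root.iter("uses-permission")}
    return root.get("package"), declared, requested

def custom_permission_map(manifests):
    """Map each custom permission to its declaring package, level and requesters."""
    report = {}
    parsed = [parse_manifest(m) for m in manifests]
    for pkg, declared, _ in parsed:
        for name, level in declared.items():
            if not name.startswith(PLATFORM_PREFIX):
                report[name] = {"declared_by": pkg, "level": level, "requested_by": []}
    for pkg, _, requested in parsed:
        for name in sorted(requested):
            if not name.startswith(PLATFORM_PREFIX):
                # A requested permission nobody in the set declares is still reported.
                entry = report.setdefault(
                    name, {"declared_by": None, "level": None, "requested_by": []})
                entry["requested_by"].append(pkg)
    return report

if __name__ == "__main__":
    for perm, info in sorted(custom_permission_map(MANIFESTS).items()):
        print(perm, info)
```

An entry whose declared_by is None means the permission is defined by a package outside the audited set, so the declaring package still has to be located in the firmware image.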
