NGOs Demand Google Crackdown on Pre-Installed Apps

NGOs Demand Google Crackdown on Pre-Installed Apps

Global rights groups have joined forces to demand that Google tackles the problem of budget Android smartphones pre-installed with privacy infringing apps that users can’t remove.

Over 50 organizations, including the UK’s Privacy International, today asked the tech giant to stop manufacturers and other Android partners from delivering devices that could undermine user privacy and security.

They argued that because the apps come pre-installed, they can choose which permissions they want — sometimes using the device’s camera, microphone or location without the user's knowledge.

“The failure of Google to moderate the pre-installed app ecosystem has opened it up to a wild-west of exploitation, putting users’ privacy and security at risk,” argued Privacy International technology lead, Christopher Weatherhead. “Google must act now to deter bad actors who shovel malicious and exploitative apps on individuals’ devices.”

The rights groups called for changes so that users can permanently uninstall any apps on their phones, including related background services that run even if the apps themselves are disabled.

They also want pre-installed apps to stick to the same rules as Play Store apps, especially in relation to custom permissions, and to have some form of update mechanism.

When manufacturers or vendors break these rules, Google should refuse certification for privacy reasons, they added.

The initiative comes after research released last March by Universidad Carlos III de Madrid (UC3M), the IMDEA Networks Institute, the International Computer Science Institute (ICSI) at Berkeley and Stony Brook University of New York.

The first-of-its-kind study covered 82,000 pre-installed Android apps on more than 1700 devices manufactured by 214 brands.

“As we demonstrated in this paper, this situation has become a peril to users’ privacy and even security due to an abuse of privilege or as a result of poor software engineering practices that introduce vulnerabilities and dangerous backdoors,” it concluded.

Source: Information Security Magazine