More than 50 organizations, including Privacy International, the Digital Rights Foundation, DuckDuckGo and the Electronic Frontier Foundation, have recently sent open letters to Alphabet and Google CEO Sundar Pichai. Take a stand on the vulnerabilities in Android device pre-installed software and how they pose privacy risks to consumers.
In this open letter, the organizations say that all Android OEMs pre-install undeletable applications on their devices and have special permissions that the vendor has to set values, so they can bypass the Android permissions model.
This allows these pre-installed applications to have access to microphones, cameras, positioning, and other permissions without user intervention. This also allows many smartphone OEMs to collect user data without the user’s explicit permission and use it for other benefits.
As a result, the groups want Google to make some adjustments to the Android Preinstalled App (Bloatware) and the company will be able to provide users with the ability to permanently uninstall all preinstalled apps on the device. Although some preloaded applications can be disabled on Android devices, they will continue to run some background processes, making disabling them a point of contention.
The open letter calls for ensuring that all pre-installed apps are listed in the Google Play App Store as regular apps and reviewed in the same way. They also want to update all pre-installed apps through Google Play even if the device isn’t signed in. If Google detects an OEM attempting to exploit the user’s privacy and its data, it refuses to certify the device for privacy and protection of user data.
Google has made many privacy-specific changes on Android 10, but there are still plenty of things to improve to help protect users from pre-installed apps.