Security warning: pre-loaded Android apps could be dangerous

When you compare iPhones to Androids, a few major differences come to mind. Apple has worked hard to keep the iPhone’s iOS operating system a closed environment. There are strict controls placed on apps that can go into Apple’s app store and it is very difficult to put apps from other sources on an iPhone. Android is much more open, with the core code at the heart of the OS itself open-source and freely available to other developers.

Android’s openness is why we have major phone manufacturers producing Android smartphones that ship with customized operating systems. This has many benefits, not least for us as it gives us more choice when we’re shopping for a new phone. Android opens up a world of smartphones from the ultra-affordable to the top of the line. iPhones just don’t have this flexibility. If you want an affordable iPhone, you have to buy an older one as the iPhone XR just doesn’t count.

The trade-off in all this, however, is security. The more open something is, the more vulnerable it is. What’s worse is that it has now come to light that Android’s vulnerability could be exploited even before we get our hands on our brand-new Android phones.

A study has found a ‘significant number’ of pre-loaded Android apps exhibit ‘unwanted behavior’

There are very few Android phones that ship with the vanilla version of Android that Google releases each year. As we’ve mentioned, phone manufacturers alter the core code to create their own unique ecosystems. Often, that isn’t all they do though, with their phones also coming bundled with their own versions of core apps like a maps app, an email app, a web browser, and more. A joint study between universities in Madrid, New York, and California found that many of these pre-loaded apps could, in fact, be harmful to our online security.

The study looked at 82,000 of these pre-installed apps, affectionately called bloatware, on over 1,700 devices built by 214 manufacturers. The results were not good, with the researchers concluding that “a significant part of the pre-installed software exhibit potentially harmful or unwanted behavior… While it is known that personal data collection and user tracking is pervasive in the Android app ecosystem as a whole, we find that it is also quite prevalent in pre-installed apps.”

What this means is that it isn’t just the apps you download from the Google Play Store that you need to worry about. The apps that come loaded on your phone when you first take it out of the box could already be tracking and sharing privileged data that would best be kept private. What’s even more perplexing about this is the complicated manner in which these bloatware apps make their way onto brand-new smartphones. As well as phone manufacturers, the researchers also highlighted the fact that apps can be pre-loaded by phone vendors, network carriers, and even other third parties.

Unfortunately, the research team doesn’t recommend a course of action that could best protect us from the threats it has detected. If you have an Android smartphone and it has bloatware apps on it or generic versions of more well-known standard apps, it’d be best to ignore them and stick to using the more established apps from the big-name developers.