An open letter signed by 53 pro-privacy campaigners has called on Google to impose new rules on Android manufacturers that ship devices with unremovable applications.
The letter says that 91 per cent of “bloatware” is unavailable on the Google Play store, meaning these applications bypass many of the safeguards that protect users from malicious applications.
By not undergoing the review process required to be admitted to the marketplace, these applications are not checked for excessive permissions or malware and cannot be issued with updated that fix known vulnerabilities.
- Google facing privacy probe on use of HTTPS in Chrome
- Google boosts bug bounties for Play Store apps
- Also check out the best Android apps of 2019
And if the applications cannot be removed, users are effectively handing over their data to a possibly unknown or unethical party.
The signatories, which include civil liberties organisations as well as privacy-focused tech initiatives like DuckDuckGo and the Tor project, note that these applications disproportionately feature on cheaper handsets.
This, they argue, means privacy effectively becomes a privilege granted to those who can afford more expensive smartphones.
“These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model,” the letter reads. “This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts. Users are therefore completely in the dark about these serious intrusions.
“We are concerned that this leaves users vulnerable to the exploitative business practices of cheap smartphone manufacturers around the world.”
The signatories have urged Google to require manufacturers to let users permanently uninstall any application, ensure that pre-installed apps are subject to the same scrutiny as those available from Google Play, and that such software should have an update mechanism.
If a manufacturer does not adhere to these rules, the letter argues, then Google should refuse to certify the device: “We urge you to use your position as an influential agent in the ecosystem to protect people and stop manufacturers from exploiting them in a race to the bottom on the pricing of smartphones.”
Google has been contacted for comment.
- Here is the best Android malware of 2019