The privacy advocacy group, Privacy International, yesterday sent an open letter to Google’s parent company Alphabet. The letter, which was signed by over 50 organizations, asks Google to “take action against exploitative pre-installed software on Android devices.”
The open letter comes as a reaction to a study conducted in 2019, which revealed that many Android devices (particularly cheaper ones) come pre-installed with spyware that cannot be removed under any circumstances. These pre-installed applications were found to harvest sensitive data about users without their consent or knowledge.
The study was carried out cooperatively by IMDEA Networks Institute, Universidad Carlos III de Madrid, Stony Brook University, and ICSI. According to the research, devices from as many as 200 different vendors come pre-installed with software that regularly steals user data for the purposes of surveillance capitalism.
Apps that come pre-installed by vendors are able to set up invasive permissions they want – including access to the microphone, camera, and location – without ever asking the end-user. This leaves consumers completely unaware that serious privacy intrusions are occurring.
From the letter:
“We, the undersigned, agree with you: privacy cannot be a luxury offered only to those people who can afford it.
And yet, Android Partners – who use the Android trademark and branding – are manufacturing devices that contain pre-installed apps that cannot be deleted (often known as “bloatware”), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent.
These phones carry the “Google Play Protect” branding, but research shows that 91% of pre-installed apps do not appear in Google Play – Google’s app store.”
At ProPrivacy.com, we strongly support consumer privacy for all. For this reason, every member of our core team has now signed Privacy International’s petition asking Google to use its “position as an influential agent” to protect consumers by enforcing the following changes to the Android ecosystem:
- Individuals should be able to uninstall the apps on their phones permanently. This should include any related background services that continue to run even if the apps are disabled.
- Pre-installed apps should adhere to the same scrutiny as Play Store apps, especially in relation to custom permissions.
- Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account. Google should refuse to certify a device on privacy grounds, where manufacturers or vendors have attempted to exploit users in this way.
We agree with Privacy International on this important consumer privacy issue, and we urge all our readers to sign the petition to force Google to sit up and take notice of these disturbing practices. Consumers need to be protected against being snooped on by devices from the moment they purchase them.
The failure of Google to moderate the pre-installed app ecosystem has opened it up to a wild-west of exploitation, putting users’ privacy and security at risk. Google must act now to deter bad actors who shovel malicious and exploitative apps on individuals’ devices.
Please support this important cause by signing the petition today.