The study did not look at whether the EU’s GDPR laws would bring greater oversight to pre-installed apps on Android devices.
An independent study lead by an academic group in Spain has shown that what personal information can be collected by pre-installed programs on new Android mobile devices is expansive and faces little oversight.
The investigation by the public Universidad Carlos III de Madrid, IMDEA Networks Institute and Stony Brook University looked at apps pre-installed on Android devices from 2,748 users, spanning 1,742 unique devices from 214 vendors across 130 countries.
The study did not look at whether the EU’s General Data Protection Regulation laws would bring greater oversight to pre-installed apps on Android devices.
Though Alphabet Inc’s Google owns Android, its open source nature enables device makers to customise the operating system and package other apps with the operating system before delivering them to users.
The study found the setup posed a potential threat to users’ privacy and security because the pre-installed apps request access to data that similar apps distributed through Google’s Play app store cannot reach.
Pre-installed apps often cannot be uninstalled, and Google may not be performing as rigorous security checks of them as it does for app store versions, the researchers found.
“There is a lack of regulation and transparency and no one seems to be monitoring what these stakeholders and apps do,” said co-author of the study Juan Tapiador.
Google said it provides tools to equipment manufacturers which helps them make sure their software does not violate Google’s privacy and security standards.
“We also provide our partners with clear policies regarding the safety of pre-installed apps, and regularly give them information about potentially dangerous pre-loads we’ve identified,” a Google spokesperson said.
Pre-installed apps recently have drawn increased scrutiny. A US Department of Justice criminal probe into Facebook, which worked with hardware makers to ensure its app would be on users’ devices, is examining those partnerships, the New York Times reported last week.
The authors of the study noted their paper did not focus on any software developers in particular but was a rather a study in the lack of regulation and transparency that surrounded pre-installed apps found on new devices.
Facebook, which has said it is cooperating with multiple government investigations into its handling of users’ private data, said partnering with mobile operators and device manufacturers on pre-installations immediately give users the best experience on its social network.