50 privacy groups ask Sundar Pichai to safeguard Android users1 min read . Updated: 13 Jan 2020, 11:55 PM IST
- Pre-installed apps should adhere to the same scrutiny as Play Store apps, especially in relation to custom permissions
- Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account
SAN FRANCISCO : More than 50 privacy groups including American Civil Liberties Union (ACLU) and UK-based Privacy International have called on Google and Alphabet CEO Sundar Pichai to take action against pre-installed 'bloatware' on Android devices as they pose security risk to customers.
"Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted (often known as 'bloatware'), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent," Privacy International said in a statement.
These phones carry the "Google Play Protect" branding, but research shows that 91 per cent of pre-installed apps do not appear in Google Play Store.
These pre-installed apps, said the Open Letter, can have privileged custom permissions that let them operate outside the Android security model.
"This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts.
"Users are, therefore, completely in the dark about these serious intrusions," the privacy groups lamented.
They asked Pichai to allow Android users permanently uninstall the apps on their phones, including any related background services that continue to run even if the apps are disabled.
Pre-installed apps should adhere to the same scrutiny as Play Store apps, especially in relation to custom permissions, they added.
Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account.
"Google should refuse to certify a device on privacy grounds, where manufacturers or vendors have attempted to exploit users in this way," the privacy groups added.
Google was yet to reply to the Open Letter.