When I first got my hands on the new Galaxy S10+, I was surprised to find that the unlocked model came with pre-installed Facebook and there was no easy way to uninstall the app. The same goes for some Microsoft-owned apps like Office and LinkedIn.
This issue would have been a smaller worry if it didn’t come laden with privacy woes. A recent research conducted by the researchers at IMDEA Networks Institute, Stony Brook University, Universidad Carlos III de Madrid, and ICSI, found that the pre-installed apps often pump your personal data straight back to advertisers.
“These results give the impression that personal data collection and dissemination (regardless of the purpose or consent) is not only pervasive but also comes pre-installed,” the researchers said.
The team arrived at this conclusion by scanning the firmware of more than 2,700 consenting Android smartphone owners and more than 82,000 pre-installed applications.
The personal data being exposed included email, phone call metadata, geolocation data, contacts, etc. Moreover, some apps even had the permissions to keep track of the other apps being opened and closed.
What makes this data collection more concerning is the fact that such apps are granted custom permissions by the OEMs as a result of their data exchange agreements. Some phones even come with pre-installed Facebook packages that aren’t available anywhere on the Play Store. So, users don’t have any choice or even some consent box to tick.
As all these apps are digitally signed by the OEMs, it’s tougher to spot if something notorious is going on behind the scenes. It even allows vendors to embed malware libraries like Rootnik in preinstalled software.