An Analysis of Pre-Installed Android Software


Thanks to the openness of the Android operating
system, any manufacturer can modify the code before installation on the
device, or pre-install extra apps in the system for product differentiation, and
allow their partners to do the same. This has created a vast supply chain
that is completely opaque to the users. Android has been released more than
10 years ago. However, no study has systematically analyzed the actors forming
this supply chain and their practices. In our paper, we collected and studied more
than 82000 pre-installed applications from more than 200 vendors, and
shed light on this ecosystem. We have found hundreds of companies involved in the supply chain of Android devices, as well as potential cases of personal
data collection and harmful behaviors. Overall, our results show a disturbing lack
of transparency. We show that there is almost no control in the Android supply chain. Even worst, it’s almost impossible, in most cases, to attribute certainty an application to a given company. With this study, we hope to bring more attention
to this issue, and hopefully makes the whole Android ecosystem safer for
users.

Leave a Reply

Your email address will not be published. Required fields are marked *