An investigation directed by scientists has revealed that the Android ( Google ) mobiles monitor the user without him knowing and access his personal data in a massive way through a large number of pre-installed applications that can barely be removed from the terminal.
The conclusions of the research carried out by the IMDEA Networks Institute based in Leganés and the Carlos III University of Madrid are included in the article "An Analysis of Pre-installed Android Software", which is being disseminated by the Spanish Data Protection Agency (AEPD). ) due to the "massive impact" of its results on privacy and the protection of personal data of citizens, explains the entity in a note.
In fact, the AEPD will present this study and its conclusions in the working subgroups of the European Committee for Data Protection (CEPD), an organism of the European Union of which the entity is part together with other European data protection authorities and the supervisor European.
The research includes more than 82,000 pre-installed applications in more than 1,700 devices with Android operating system manufactured by 214 brands.
Virtually all manufacturers have detected some type of pre-installed software that uses privileged access without the user's knowledge of system resources to obtain personal data, according to those responsible.
The conclusion is that there is a complex system of developers and commercial agreements with pre-installed applications that have permissions that do not correspond to those originating from Android to give access to their services without the possibility of an average user to uninstall them.
The problem is that "there is no transparency" around the activity of those applications that the user does not have the capacity to uninstall and that they are predetermined with the terminal, one of the authors of the research, Narseo Vallina-Rodríguez, explained to Efe. of IMDEA Networks.
Sometimes, this may have given consent for access to service but in others, you may be totally unaware of what is happening with your personal information, adds the expert.
According to the study, the permission model for accessing pre-installed applications on Android that are different from those included by default by Google's operating system allows monitoring and obtaining personal information at the operational level without the knowledge of the affected person, by "a large number of actors."
Manufacturers, Operators, Social Networks and Games
Among these, there are many companies ranging from manufacturers, operators, social networks, multimedia companies, videogames, antivirus, and a host of others, who could directly obtain benefits by accessing this data from users for any commercial activity or sell them to other agents in exchange for money.
In fact, the report aimed to reveal commercial agreements between sellers of Android devices and third parties, including organizations specialized in monitoring and tracking users and providing Internet advertising, as well as detecting and analyzing vulnerabilities and other opaque practices and analyzing transparency in the information provided to the user.
More than 1,200 companies have been identified related to pre-installed applications, and more than 11,000 libraries (software included in the apps to provide added services), many of which are related to online advertising and monitoring activities for commercial purposes.
A thorough analysis of the behaviour of 50% of the identified applications reveals that a significant fraction of them present potentially malicious or unwanted behaviours, such as malware samples, generic Trojans or pre-installed software that would facilitate fraudulent practices.