For much of Android's existence, Google has adopted a relatively hands-off approach that lets manufacturers ship units with pre-installed bloatware which, in many cases, cannot be easily removed. This has infuriated users and privacy advocates alike, leading 50 of the latter to pen a blistering open letter to Google and Alphabet chief Sundar Pichai urging him to take action.
Privacy International, along with dozens of other civil rights organisations, including the Electronic Frontier Foundation and ACLU, wrote: "Privacy cannot be a luxury offered only to those people who can afford it."
"Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted, which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent," the letter states.
Eggheads confirm: Rampant Android bloatware a privacy and security hellscapeREAD MORE
The concern surrounding bloatware hinges on the fact they exist without the standard Android security model, with pre-installed apps able to access the microphone, camera, and location by default.
Presently, apps downloaded from the standard Google Play store require the user to "opt in" to access the more sensitive parts of the phone.
The open letter also cites an academic study published in May 2019 that found 91 per cent of all pre-installed apps aren't present on the Google Play Store — suggesting they may have harmful behaviours that would preclude them from being listed on the standard Android app store.
Pre-installed apps are most commonly found on cheap handsets. The lower end of the handset market is notorious for having thin profit margins, and bloatware serves as another tool for monetisation.
The letter calls on Google to allow users to remove pre-installed bloatware, including all related background services. It also states that pre-installed apps should undergo the same scrutiny as standard Google Play store apps, with users able to control the permissions the software is allowed.
And finally, the groups argue — reasonably — that pre-installed apps should have an update mechanism. With many bloatware programs languishing on old versions, they present a serious security problem, with users unable to remedy any vulnerabilities.
Neither Google nor Pichar have yet responded. The Register has asked for comment. ®