I recently heard the term "bloatware" used to describe preinstalled software on an Android device. What exactly...
is bloatware, and to what extent should it be considered a security risk? How can we detect and uninstall bloatware?
Bloatware -- a term for unwanted preinstalled software on a computer or device -- has been around since the dawn of PCs.
Bloatware started with OEMs installing software by default on their computers to both make more money and provide consumers with additional software they might want.
Thirty-plus years later, bloatware is still a problem. Lenovo is the most notable recent example where the company not only installed bloatware, but bloatware that made users susceptible to man-in-the-middle attacks. If bloatware isn't secure, it can put a PC at risk. All software installed on a PC must be kept up to date and secure -- including bloatware.
Like most PC problems, bloatware has recently made its way onto Android phones. While Android bloatware could be relatively harmless and just shows ads, as Palo Alto points out in a blog post, a large Chinese manufacturer of smartphones started including bloatware that exposed users to risks. While the bloatware described by Palo Alto -- dubbed Coolpad -- has many functions of software used for spying on device owners, this same functionality could technically be used for legitimate purposes, such as managing the device. This is where things get tricky. If the user consented and clearly understood the tradeoffs of the Coolpad software, it would not necessarily be a security risk, it would just be bloatware or potentially an immature smartphone management tool. However, in some cases, it can expose users to unknown security and privacy risks.
So how can you detect and uninstall bloatware?
Bloatware can be detected by an end user by looking through the installed applications and identifying any applications he or she did not install. It could also be detected by an enterprise IT team using a mobile device management tool that lists installed applications.
Uninstalling bloatware on Android devices might prove more difficult than uninstalling bloatware on PCs because of the multiple points in the supply chain where software can be installed and because many of the bloatware applications may be marked as a system application and thus be unable to be removed by a regular user.
The only way to truly uninstall bloatware system applications is for the carrier to remove them or to root the phone, however rooting the device will compromise Android security.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)
Learn how to detect and defend against preinstalled malware
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.