I recently heard the term "bloatware" used to describe preinstalled software on an Android device. What exactly...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is bloatware, and to what extent should it be considered a security risk? How can we detect and uninstall bloatware?
Bloatware -- a term for unwanted preinstalled software on a computer or device -- has been around since the dawn of PCs.
Bloatware started with OEMs installing software by default on their computers to both make more money and provide consumers with additional software they might want.
Thirty-plus years later, bloatware is still a problem. Lenovo is the most notable recent example where the company not only installed bloatware, but bloatware that made users susceptible to man-in-the-middle attacks. If bloatware isn't secure, it can put a PC at risk. All software installed on a PC must be kept up to date and secure -- including bloatware.
Like most PC problems, bloatware has recently made its way onto Android phones. While Android bloatware could be relatively harmless and just shows ads, as Palo Alto points out in a blog post, a large Chinese manufacturer of smartphones started including bloatware that exposed users to risks. While the bloatware described by Palo Alto -- dubbed Coolpad -- has many functions of software used for spying on device owners, this same functionality could technically be used for legitimate purposes, such as managing the device. This is where things get tricky. If the user consented and clearly understood the tradeoffs of the Coolpad software, it would not necessarily be a security risk, it would just be bloatware or potentially an immature smartphone management tool. However, in some cases, it can expose users to unknown security and privacy risks.
So how can you detect and uninstall bloatware?
Bloatware can be detected by an end user by looking through the installed applications and identifying any applications he or she did not install. It could also be detected by an enterprise IT team using a mobile device management tool that lists installed applications.
Uninstalling bloatware on Android devices might prove more difficult than uninstalling bloatware on PCs because of the multiple points in the supply chain where software can be installed and because many of the bloatware applications may be marked as a system application and thus be unable to be removed by a regular user.
The only way to truly uninstall bloatware system applications is for the carrier to remove them or to root the phone, however rooting the device will compromise Android security.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)
Learn how to detect and defend against preinstalled malware
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.