designsoliman - Fotolia
I recently heard the term "bloatware" used to describe preinstalled software on an Android device. What exactly is bloatware, and to what extent should it be considered a security risk? How can we detect and uninstall bloatware?
bloatware -- a term for unwanted preinstalled software on a computer or device -- has been around since the dawn of PCs.
Bloatware started with OEMs installing software by default on their computers to both make more money and provide consumers with additional software they might want.
Thirty-plus years later, bloatware is still a problem. Lenovo is the most notable recent example where the company not only installed bloatware, but bloatware that made users susceptible to man-in-the-middle attacks. If bloatware isn't secure, it can put a PC at risk. All software installed on a PC must be kept up to date and secure -- including bloatware.
Like most PC problems, bloatware has recently made its way onto Android phones. While Android bloatware could be relatively harmless and just shows ads, as Palo Alto points out in a blog post, a large Chinese manufacturer of smartphones started including bloatware that exposed users to risks. While the bloatware described by Palo Alto -- dubbed Coolpad -- has many functions of software used for spying on device owners, this same functionality could technically be used for legitimate purposes, such as managing the device. This is where things get tricky. If the user consented and clearly understood the tradeoffs of the Coolpad software, it would not necessarily be a security risk, it would just be bloatware or potentially an immature smartphone management tool. However, in some cases, it can expose users to unknown security and privacy risks.
So how can you detect and uninstall bloatware?
Bloatware can be detected by an end user by looking through the installed applications and identifying any applications he or she did not install. It could also be detected by an enterprise IT team using a mobile device management tool that lists installed applications.
Uninstalling bloatware on Android devices might prove more difficult than uninstalling bloatware on PCs because of the multiple points in the supply chain where software can be installed and because many of the bloatware applications may be marked as a system application and thus be unable to be removed by a regular user.
The only way to truly uninstall bloatware system applications is for the carrier to remove them or to root the phone, however rooting the device will compromise Android security.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)
Learn how to detect and defend against preinstalled malware
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading