More than 50 organizations, including the Privacy International, DuckDuckGo, and the Electronic Frontier Foundation, have recently sent an open letter to Alphabet and Google CEO Sundar Pichai regarding the vulnerabilities of pre-installed software for Android devices.
In the open letter, these organizations stated that all Android OEM manufacturers have preinstalled applications on their devices that cannot be removed, and have special permissions set by the manufacturers, so they can bypass Android's permission model.
This allows these pre-installed applications to access microphones, cameras, positioning, and other permissions without user intervention. This has also led many smartphone OEMs to collect user data for other benefits without their explicit permission.
Therefore, these organizations hope that Google can make some adjustments to the Android pre-installed applications and that the company can provide users with the ability to permanently uninstall all pre-installed applications on the device.
Although some preloaded applications can be disabled on Android devices, they still continue to run certain background processes, which makes disabling them a point of contention.
The open letter requires that all pre-installed apps be listed in the Google Play app store as regular apps and undergo the same review.
They also want to be able to update all pre-installed apps through Google Play even if the device is not signed in by the user.
If Google detects that the OEM is trying to take advantage of the user's privacy and their data, it refuses to authenticate the device for privacy and protection of user data.
Google has made many privacy-specific changes in Android 10, but there are still many things that can be improved to help protect users from pre-installed applications.