An Analysis of Pre-Installed Android Software

Title: An Analysis of Pre-Installed Android Software
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Gamba, J., Rashed, M., Razaghpanah, A., Vallina-Rodriguez, N., & Tapiador, J.
Published in: IEEE Symposium on Security and Privacy 2020

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the pre-installed apps on their devices. Yet, the landscape of pre-installed software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large-scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third-party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.


We are deeply grateful to our Firmware Scanner users for enabling this study, and ElevenPaths for their initial support in this project. We thank the anonymous reviewers for their helpful feedback. This project is partially funded by the US National Science Foundation (grant CNS-1564329), the European Union’s Horizon 2020 Innovation Action program (grant Agreement No. 786741, SMOOTH Project), the Spanish Ministry of Science, Innovation and Universities (grants DiscoEdge TIN2017-88749-R and SMOG-DEV TIN2016-79095-C2-2-R), and the Comunidad de Madrid (grant EdgeDataCM P2018/TCS-4499). Any opinions, findings, conclusions, or recommendations expressed in this paper are those of the authors and do not reflect the views of the funding bodies.

ICSI Research Group

Networking and Security