Many Android devices come with pre-installed software. These apps cannot be uninstalled and they run with full system permissions. Consequently, they have a privileged position to access sensitive resources and information about each individual user and applications running on the device.
The openness of the Android operating system makes it possible for any handset manufacturer to ship a custom version of the system, along with proprietary pre-installed apps. As a result, any Android vendor can modify the Android firmware developed and maintained by Google.
Pre-installed apps can be useful to users (e.g., an email client) but some malicious vendors can distribute unwanted software that could cause harm to users' privacy and security. In fact, recent media articles have reported instances of Android vendors potentially sharing or selling user's personal data with other third-parties or subscribing users to paid services without their consent.
Unfortunately, pre-installed apps are hard to study. Pre-installed software is typically unavailable on popular app stores like Google Play. In fact, in order to perform a complete and comprehensive study about the prevalence of this type of software, it is important having access to a large number of Android handset vendors and models from all over the world.
This is the reason why we have developed FirmwareScanner, a research tool to crowd-source the collection of pre-installed apps so that we can investigate malicious actors.
By running this app, you will contribute to our research efforts, allowing us to extract pre-installed software from your phone and send it to our server for further analysis. **Under no circumstance, personal and sensitive data about your phone such as location or unique identifiers is collected**.
**Data volume:** Given the data size of pre-installed software, we also take precautions to not affect your data plan. We only upload the applications over WiFi. If you wish, we will also report to you our findings about the privacy risks of your phone once our analysis is done.
**Academic institutions:** This app is part of an academic research project run by IMDEA Networks Institute (Spain), University Carlos III of Madrid (Spain), the International Computer Science Institute at Berkeley (CA, USA) and Stony Brook University (USA).
If you have any questions of if you would like to know more about the project, you can contact us by email at firstname.lastname@example.org