Barrier to updates
Not to mention that the cost/effort of updating the Bloat makes it harder to update the OS on the phones too.
I'm assuming that the manufacturers actually give a **** about this of course...
The apps bundled with many Android phones are presenting threats to security and privacy greater than most users think. This according to a paper (PDF) from university researchers in the US and Spain who studied the pre-installed software that 214 different vendors included in their Android devices. They found that everyone …
Not to mention that the cost/effort of updating the Bloat makes it harder to update the OS on the phones too.
Android updates are a cost center with no offsetting revenue, not to mention the risk of generating support requests if an update goes wrong. All risk, no reward. It's much better for their bottom line to skip the updates and sell you a new phone every couple of years.
Add to the risks deadware, particularly from Google, that cannot be uninstalled and that can only be 'disabled'.
Thing it's really disabled? Guess again! I've disabled Google Keep (which claims to be a note taking app). Still I get the "Unfortunately Google Keep has stopped" errors pretty much at random...
I guess there would be, if there was any substance to this story. When you dig past the money making generalisations in to details however, you find that there is really nothing going on that affects western countries and major brands, and it's the 1% of Chinese brands in asis that you will have never heard of that is making the sensationalism in this money making paper
Industry self regulation obviously does not work at all and it is time for something else. Companies have had many years to act and put things right, so it’s too late to cry out when penalties are being handed out. EU has made a nice start, but it is still far from good enough.
Established industrial players know very well how to act in a responsible way, but choose not to do so year after year. No more chance to say ’Oops, we will correct our habits, please don’t fine us 2 billion euros’. Fine them right away when they break the laws. I call for imprisonment for the persons in charge too. Not for poor engineers and other underlings who are forced to do bad things.
To that end, they recommend someone steps in to offer audits of the supply chain and catch potential security and privacy threats in bundled software.
Too little, too late. The recommendation should be that pre-installed/bundled software must be removable by the end user. Just "disabling" is not enough, as it could be re-enabled by something else and wouldn't free up the storage.
At least there are now choices with no, or hardly any, bundled crap.
Coming from a computer background, it irks me to no end to see that I don't actually have any true say in what is on my phone. There is no question of license here, the hardware is mine, bought and paid for with my money, yet I'm not given the tools to manage my hardware out of the box.
That is just one reason I hate the damn things.
That's because you may be in control of the hardware, but you don't have the same control over the software unless, like with the copyrighted car computer software, you're willing to throw everything out and go solo.
Just remember, Android is more than just the hardware, and the Android software, by law, is NOT under your control.
Isn't AOSP licensed under Apache 2.0, and the kernel GPLv2?
So... It is kinda under your control, actually. OEMs just don't want you to have that control, so they can make more money. There are proprietary components that are closed source (eg. almost every bloat and Play Store app) but the core is free software.
The EU is signatory to the Berne Convention, is it not? That means copyright is enforceable in the EU. That means Google's core Android software (which is NOT open-source) is not fair game. Sure, you can use AOSP or roll your own (just as you can roll your own car computer software), but it's a strictly YOYO affair.
You need to differentiate Android the trademark, Android the software (including Linux kernel, userland, and AOSP), and the proprietary Google apps and frameworks that run on Android (GSF, Play apps, etc), because saying "Android software, by law, is NOT under your control" is simply not true. While Google may own the Android trademark, the Android kernel (modified Linux kernel) is licensed under the GPLv2, while the userland and AOSP are licensed under Apache 2.0, which makes the whole package Free Software as defined by the FSF. That's how custom distributions of Android are able to exist, because it is legal to do so. For example, I am posting this from my Android (the trademark) device running LineageOS 16, and I don't use Google apps or services otherwise what comes with the AOSP. Compare this freedom to iOS, which is closed source and proprietary.
GSF and associated functionality is NOT a core feature of Android. When Google took over Android, they extended and replaced the Android Market with the proprietary Google Play Store, and used their leverage as the new figurehead for the Android trademark and codebase to push their apps on OEMs, resellers, and end users. Why do you think the EU (and recently India) are going after Google for anti-trust lawsuits? Because "Android" does not mean "Google bloat" and their pervasiveness in the Android ecosystem pushes out most competition on the platform. Apple can get away with having Safari, FaceTime, and etc. on all the devices they sell, because the "iPhone" is expressly a single, homogeneous entity and the built-in apps are baked-in features of the iOS software.
Yes, Google is almost expected to be a part of any Android device despite being functionally independent, but the only reason GSF is such a standard is because Google pushes it and provides lots of nice APIs and services you can't get anywhere else; I don't like or use them personally but it's not hard to see their worth to the average app developer. Want to distribute your cool app to as many people as possible on a trusted network? OK, release your app on Google Play for a small fee, sign up to Google AdWords, and get your app presented on the millions of devices showing Google ads. Want to show your own ads and make money off of your app? Embed this simple API in your codebase, and add a few function calls to pop up some revenue generators. The whole process is practically effortless and very affordable, not to mention Google gets a cut of any revenue you generate from app sales and advertising, so of course they're going to push their APIs over everyone else.
There are other app stores (too many to count, I use F-Droid), other advertising methods and APIs, other stock apps to include with a phone. Google just happens to be the owner of some of the best you could possibly be using, for developers and frequently for end users.
"Yes, Google is almost expected to be a part of any Android device despite being functionally independent, but the only reason GSF is such a standard is because Google pushes it and provides lots of nice APIs and services you can't get anywhere else;"
Which means, for at least 95% of the smartphone population, enough to exert overwhelming influence, that's Android, full stop. You always have to take Joe Ordinary into consideration when you consider the Android brand, given their actions take the rest of us with them. Thus, why most phones lack removable batteries, SD slots, and completely unlocked software.
Now you're talking about Android-compatible hardware. I was expressly talking about your phrasing in relation to the Android software and branding, not hardware. In that regard, just because Android is colloquially known as a single entity comprised of Google apps, AOSP, and vendor bloat doesn't make the phrase "the Android software, by law, is NOT under your control" any less incorrect, no matter what malarkey Joe Ordinary is up to lately.
If when you said that, you meant "Android hardware" instead of "Android software" then, yes, you would have been correct, since most Android-compatible hardware vendors are not very keen on sharing their design documents and other such secrets. Other correct answers would have been the Google Services Framework, Play backend APIs, etc., and the Android brand/trademark. Otherwise, while Google may have significant impact on the Android ecosystem, they still can't stop you from doing pretty much whatever you want with the software.
To help make things a little clearer:
I'm really tired so please try to excuse any inaccuracies.
Fair point. But using something like Windows 10 isn't a whole lot better.
I never got to actually use or even try out a MSWindows Mobile device, but my impression was that it actually gave you MORE control over your device than either iOS or Android. Ironic if you think about it.
"my impression was that it actually gave you MORE control over your device than either iOS or Android. Ironic if you think about it"
That's because they didn't have the market share. Before you can start dictating how things should be (to your advantage) you must first have a near-monopoly. MS has that with the PC OS, and Google on phones.
Exactly. Barring such things as the "Secure" Boot function in many modern UEFI firmwares, you are allowed to install or not install exactly whatever software you want on machines you bought and paid for. Even with all the crap MSWin10 bundles in, there are workarounds that can excise much of that out. That's because, as *YOUR* device, you (or in the case of managed corporate assets, the IT department) automatically have root access available to you, without having to have a Papal Dispensation to do it.
It's completely unacceptable that cellphone makers can demand exaggerated prices for their crapware, and have the chutzpah to tell you you can't actually manage the systems as you see fit. I'd think a good solution would be to require cellphone manufacturers to provide unlock codes/software for ALL their devices, so we can re-flash them with alternatives like LineageOS. No having to say "mother may I" or groveling to get the codes, but rather available to any and all.
...is that for some stupid reason Google decided to let manufacturers/carriers make it impossible to uninstall the stuff without rooting the phone. If you're lucky you can at least 'deactivate' it, but it'll still sit there taking up internal storage space. And then they made it so you can't install apps to the SD card either so that's fun to try and deal with.
It is possible to de-bloat your phone without root access by using one of the simple guides such as the following which uses the ADB Shell command prompt over a USB cable to uninstall packages identified using the Application Inspector App:
I have successfully used this method to remove several Android and Samsung Apps that I know I will never have any use for. Just be careful not to remove a critical application like Google Play Services however it is possible to re-install these if you decide that you made a mistake.
As far as I understand, it doesn't remove the app from the system, just uninstalls it for the user, so you can't reclaim the disk space.
Still, I might give it a go, since there's no rootkit available for my phone and this could at least free some RAM and prevent some spying.
Yes I think you are correct in that it removes the package for the current user.
If you consider that Bloatware is basically three parts: 1) consumption of storage space; 2) crapware/security vulnerabilities running in the background; 3) cluttering up the UI then I believe this solves the last two but not the first.
I consider it a small price to pay for not having to root and still receive updates.
why critical? I mean, I cut out any (visible and semi-visible) traits of google play services in my old (rooted) phone, and I never saw any problems. But then, I don't use google play store, google maps, google music, google mail, google calendar and all other google (...) which can be substituted with non-google equivalents.
btw, is google play services indispensable to the regular OS operation? Now I'm asking seriously.
OK, you can argue whether Google Play Services is truly "critical" or not but my understanding is that it is intertwined with other Apps and Services so I thought it best not to uninstall it. I'm not sure what would happen it you uninstalled it.
Apps can choose to implement GSF and other Play-related APIs. They are not critical to AOSP functionality. Unless you are using an Android distribution that has a hard dependency on GSF or related functionality, it is entirely safe to remove. Most apps can run without GSF and will display an error message when trying to utilize it instead of crashing.
On my new phone (a PocoF1 if that matters) I decided to go cold turkey with LineageOS and not install any Google Apps or Google Play services. Most things are absolutely fine. A few things complain about lack of Google Play Service but continue to work (if you click through the warnings). These include the "National Rail" app, Hive and surprisingly Nest. For mapping I have use HereWeGo which is okay.
Everything else seems fine. The only completely broken thing for me is RingGo which starts but just blows away. I can use their mobile website for that. I guess it would probably work if I took a microG version of LineageOS but as I'm mostly there I have resisted. (microG being an open source reimplementation of the Google Play Services, not everything is there )
I would LOVE to see legislation FORCING manufacturers and carriers to provide an option to unlock the bootloader (in exchange for immediate and permanent loss of any warranties). But then, this is never going to happen, because of all the bleating about SAFETY! CHILDREN! TERRORISTS! HACKERS! Read: lost revenue! lost revenue! lost revenue!
That said, no government would introduce such legislation.
The main problem is that the average folk just don't care. Present one and they'll even sign a contact that says so.
The thought process is 'gimme selfies, gimme Facebook, gimme instgram, gimme twatta, gimme fame, gimme gimme gimme'.
The worst part, studies like this make it look mature and sensible to buy an Apple. $$$$
Yes. And, consumers have been conditioned to be just that.
The addiction will only end for those that reach a certain pain point--well beyond those little annoyances that send them back to the phone store where they feed their addiction. I've heard that the term used in addiction circles is "rock bottom". Yes, that's how bad it's going to have to get before the market gets clean and sober.
"also harvests personal information and in some cases even introduces malware"
I'm not sure I understand the difference here. Software I did not install, don't want, and never use is harvesting personal and sending it... somewhere. That's not a potential risk vector that could contain vulnerabilities allowing malware to be installed, it is malware.
I installed a no-root firewall in my Sony Z1 as soon as I got it maybe 5 years ago.
One thing that immediately grabbed my attention was that the Sony Keyboard App tries to contact t'internet on a regular basis.
Of course this is where I type in passwords and the like. WTF!!!???!?
LG. has tried to update its bloat/spyware and enable it in the process. I won't allow it to update -even though LG pretends it's important security stuff. (As if.)
Phone manufacturers don't care about security a few years down the line. They do care about spying on you, however. I prefer Apple, but they are just too expensive.
Both these will need a PC with the android drivers installed, and ADB access enabled in the phone.
You can avoid messing with CLI and downloading the ADB binaries as both come with the required files (feel free to update with newer versions)
The easiest to use for everyone is APK Installer.
And for total control or for the more nerdy, a TotalComander / GhostCommander ADB plugin
Happy de-bloat day \o/
"Google might be a prime candidate for it given its capacity for licensing vendors and its certification programs," the researchers note.
Man, I'd like to know what they were smoking/snorting when they came up with *THAT* observation...
Kind of like the proverbial fox guarding the proverbial henhouse...
I could see at least ONE vendor-specific app I'd want back.
On the older Motorola phones (like the Droid Razr HD) the phone was able to handle voice recognition for dialing from a BT headset completely on it's own, no special user accounts or mobile data needed. NOW in the current models (like the Moto e5) they decided to dump taht perfectly functional stand-alone app in exchange for "Google ASSistant", which requires you to set it up in full-on Hack-Me/Spy-On-Me/Screw-The-User Mode.
Granted, in a properly designed, completely open infrastructure, you'd be able to install the stand-alone app on your own anyway.
I fully agree with all the comments about controlling your device. That option should be available to those who can take advantage of it.
And that option IS available...though you have to do some work to get there. Personally, I run a rooted device with LOS 16 on it. No bloatware, full control.
But most people can't do that. The subject is complicated, ever-changing, and requires a great deal of attention to keep up with it. Also, while the only way to fully secure an android is to first root it, once you do that it ceases to be an appliance and becomes a device that you have to manage...and you can easily brick it. This is too much for most people.
The solution - if there is one - is to change the marketing model in a fashion that discourages these abuses. The EU privacy laws are a decent start in that direction, though there needs to be some heavy fines for non-compliant companies.
And as for whether Google Play Services is needed on an android to retain functionality...
The phone will run just fine without any of the google stuff on it. But Uber will not work unless Google Maps is present. And Signal, of all things, won't work without a fully enabled google play services. I was forced to add google stuff to my phone if I wanted to use these apps. I make heavy use of Signal, and from time to time calling an Uber is very convenient. So... Shrug.
Biting the hand that feeds IT © 1998–2019