Skip to main content

Samsung keyboard security flaw: The time has come to end bloatware

At least 600 million Samsung users are still at risk due to a major security flaw that opens up photos, messages, phone calls and a slew of other personal data to attackers.

The company has still not issued a fix (though it says one is coming soon) for the vulnerability, which stems from the way the company used third-party software.

The fact that the biggest Android manufacturer in the world put its users at risk for so long highlights a much bigger problem within the Android ecosystem: bloatware.

All those extra apps that come pre-loaded on our phones are not only annoying eyesores. They often open us up to potential security threats.

If Lenovo's Superfish fiasco has taught us anything it's that bloatware needs to go once and for all. Manufacturers and carriers need to give us back control over the apps on our phones.

What is bloatware

Bloatware refers to software that comes preloaded on a device that often can't be manually removed by the device owner. This includes carrier apps from Verizon, T-Mobile, AT&T and others, as well as those directly from the device manufacturer, like HTC, Samsung and LG.

Like much of smartphone software, bloatware began on the PC. PC makers have been bundling everything from anti-virus software to media players, games and other types of software for years. (For a more thorough list of how much crap comes on a new PC, PCWorld compiled a list of all the pre-installed software they found on a range of new laptops here.)

For manufacturers, the goal of all this, of course, is to increase their bottom line. As PCWorld points out, each time someone pays for a pre-installed antivirus program or plays an ad-filled game, it increases the manufacturer's margins on that device and, ultimately, their bottom line. The most egregious example of this type of PC bloat is Lenovo with Superfish, which injected malicious spyware into some of the company's laptops.

Smartphones are even worse

On smartphones, primarily Android, bloatware is a far worse problem than PCs for a number of reasons. To start, those preinstalled apps are impossible to remove without rooting your device, a not so simple process that usually voids the manufacturer's warranty as well. Additionally, smartphone users are often inundated with unwanted apps from both device manufacturers and their carriers. A Samsung handset from AT&T, for example, may come with messaging and navigations apps from Samsung, Google and AT&T.

Though Samsung has toned done much of its bloatware in recent devices —perhaps after realizing many of its offerings were unpopular — the company has also eschewed the microSD slot in its latest pair of flagships. This means users can no longer add extra storage when their device fills up which, as others have noted, makes the problem of unnecessary resource-hogging apps all the more egregious.

And as evidenced by Samsung's faulty implementation of SwiftKey's software, all of these extra apps are not just annoying data hogs but a potential security vulnerability, says Andrew Hoog, CEO of NowSecure, the company that initially reported Samsung's vulnerability.

"Yes, this is possible and this underscores the need for developers and OEMs to test apps before they are shipped to consumers," Hoog tells Mashable in an email, referring to other pre-loaded apps having major security flaws. "We find in our research that 48% of the apps in the stores have at least one high risk vulnerability."

Hoog notes that the real issue is lack of proper testing on the part of carriers and device manufacturers, which could potentially identify such bugs before they make it onto our devices.

"We believe users should have more control over apps, but security issues can appear even on apps that are essential to the phone's operation," he writes. "The more important issue is that apps need to be more thoroughly tested before they are released."

Though he makes a fair point — security is all too often an afterthought — the risk from Samsung's security flaws could be easily sidestepped if users were able to fully remove the offending software themselves. At least then affected users would be able to take steps to protect themselves from potential attacks, rather than wait for Samsung to issue a fix.

The fact is, we've put up with crap on our phones for too long. It's time for carriers and manufacturers, especially Samsung, to finally take a stand on bloatware. We can, and should, have full control over the apps on our phones.

Have something to add to this story? Share it in the comments.


Source: Samsung keyboard security flaw: The time has come to end bloatware

Comments

Post a Comment

Popular posts from this blog

Samsung is building a revolutionary ROLL-UP smartphone

GETTY • US PATENT OFFICE Example of a flexible display, LEFT, and the illustrations filed with the Samsung patent, RIGHT Samsung has been awarded a US patent for a brand-new foldable, rollable display to use across its smartphone and tablet ranges. The South Korean technology firm recently used its flexible display technology in the award-winning Galaxy S6 Edge, which has a dual curved QHD screen. However this latest patent, which was published by the United States Patent and Trademark Office, shows the company has bolder ambitions for its curved displays. The illustrations filed with the approved patent reveal a cylindrical hub, which houses the rolled display – which unfurls like a pair of window blinds. US PATENT OFFICE The US patent contains a futuristic cylindrical smartphone with a roll-up display Users then pull a tab at the end of the multitouch display to unroll it from the hub and use the full screen real estate available on the tablet or smartphone. To achiev
Post a Comment
Read more

The Samsung Galaxy Note7 (S820) Review

This year has been difficult for smartphones, which is a bit of a paradox when you consider just how much better things have gotten compared to last year. With Snapdragon 820, 650, 652, and 625 we've finally moved past the shadow of the Snapdragon 810, 808, and 617/615. While there were Android devices that shipped with the Exynos 7420, they were often paired with a modem that was not necessarily the most power efficient. Despite all of this, there seems to be a general disappointment with smartphones. People are increasingly finding it hard to justify phones like the HTC 10 or Galaxy S7 with competition from OnePlus, Xiaomi, and even Apple with their iPhone SE. In this context the Galaxy Note7 brings much of the flavor of the Galaxy S7 edge, but blends it with the S-Pen of the Note line and a few new features like the iris scanner. If you were paying attention to the industry with the launch of the Galaxy S6 and Galaxy Note5, it's very much more of the same rather than the m
Post a Comment
Read more

Why do Android fanboys hate admitting that Samsung copied Apple?

It's impossible to cover the mobile market without diving into the good ol' "iOS vs. Android" debate from time to time. These are the two biggest mobile platforms on the planet, so they're constantly being compared. Likewise, Samsung and Apple are the world's top two smartphone vendors, so their phones are constantly pitted against each other as well. Of course, there's another reason Apple and Samsung are often mentioned in the same breath: after entering the market, Samsung quickly grew to become the top mobile device maker on the planet thanks in large part to Apple. First, Samsung did everything it possibly could to copy Apple's iPhone and iPad. Then, it spent billions upon billions of dollars belittling Apple products in TV, online, and print advertising. Samsung spent years positioning its own devices as the cool alternative to Apple's iPhone, and its efforts paid off big time. Even now, Samsung continues to copy Apple all the time acro
Post a Comment
Read more