
The dangers of mandatory software on smartphones

I awoke this morning to find an email from Evernote, the company that has the product of the same name for note taking, saying that they had been hacked and that I should change my password.  T-Mobile installs this software, along with many other pieces of software, on my smartphone by default and does not allow the customer to remove it.  Luckily the attack against this product was not against the individual installations of the software but rather against the parent server where all the information is stored.

Unfortunately, having unwanted software installed on phones is a security problem.  The basic rule is that if the software isn’t installed on one’s computer then the software cannot be used as an attack vector.  My first smartphone came loaded with five pieces of software that I could not remove.  The Galaxy S that I purchased last November came with thirty-nine.  And that was just the pieces of software that are visible.  Last year we heard about CarrierIQ being installed on nearly every smartphone in America.  This software had some very scary features that could allow the cellphone carrier, the software owner, or anyone else able to break into the software, access to everything contained within the phone and every message sent and received (including keystrokes).

There’s another price to be paid for this mandatory software.  Updates need to be downloaded and installed, which takes up space on the smartphone and uses up valuable bandwidth.  With cellphone companies complaining about usage of their wireless networks it seems silly that some of this is required by the companies themselves.

So what to do about this problem?  Cellphone companies should stop preventing users from removing software from their phones.  If they want to load up the device with lots of software that they feel the user might like, that’s fine, but keeping people from removing that software is wrong.  If the companies won’t stop this bad practice on their own, then perhaps enough complaints from customers will make them change their practices.  I guess the only other option is rooting our phones or just purchasing them outright.  Still, it shouldn’t be so difficult to maintain a secure computing environment.  And with privacy and so much money at stake the problem will only get worse.

  1. Robert
    2013-03-04 at 09:44 EST

    Since Android 4.0 you can go to the installed applications settings panel and disable it. For Android, a disabled application is one that behaves like it was never installed. Android ignores its .apk and never exposes it to other parts of the system (with the exception of this panel). This allows you to ignore any preloaded applications. I do this for the Facebook client that always starts a service, and I have never given it my user, so it is a waste of resources and, more importantly, I don’t know what it is sending from that service.
