Android devices are equipped with many pre-installed applications which have the capability of tracking and monitoring users. Although applications coming pre-installed pose a great danger to user security and privacy, they have received little attention so far among researchers in the field. In this study, we collect a dataset comprising such applications and make it publicly available. Using this dataset, we analyze tracker SDKs, manifest files and the use of cloud services and report our results. We also conduct a user survey to understand concerns and perceptions of users. Last but not least, we present a risk scoring system which assigns scores for smart phones consolidating our findings based on carefully weighted criteria. With this scoring system, users could give their own trust decisions based on the available concise information about the security and privacy impacts of applications pre-installed on their Android devices.
翻译:Android装置配备了许多事先安装的应用程序,这些应用程序具有跟踪和监测用户的能力。尽管预先安装的应用程序对用户安全和隐私构成了极大的威胁,但迄今为止,这些应用程序在现场研究人员中很少受到关注。在本研究中,我们收集了包含此类应用程序的数据集,并向公众公布。我们利用这一数据集分析跟踪器SDK、显微文档和使用云服务,并报告我们的结果。我们还进行了用户调查,以了解用户的关切和看法。最后但同样重要的是,我们提出了一个风险评分系统,根据仔细加权的标准,为整合我们的调查结果的智能电话分配分数。有了这一评分系统,用户可以依据关于预先安装在安卓机装置上的应用对安全和隐私的影响的现有简明信息,做出自己的信任决定。