Apps displayed on a phone | Photo: Dhiraj Singh/Bloomberg
Apps displayed on a phone | Representational image | Dhiraj Singh | Bloomberg
Text Size:

The 59 Chinese apps banned by the Narendra Modi government, in the backdrop of tensions on the Line of Actual Control, posed significant privacy and security concerns to the unwitting Indians using them. Their presence also raised some grave national security concerns, given the link the developers of most of these apps have with the Chinese government. However, threats to privacy and security continue to linger on from some unsuspecting quarters. One such area is the presence of bloatware on mobile phones.

Also read: Can Chinese apps appeal India’s ban? Section 69A of IT Act has the answer

The bloatware problem

Bloatware may be defined as a system of pre-installed apps on select mobile devices that cannot be removed or even disabled without compromising on the functionality of the phone or exposing it to serious security concerns. These apps are installed primarily by handset manufacturers and often add significantly to their revenue. Several mobile manufacturers are able to keep the price of their device low because they compensate for reduced profits on the sale of devices by making additional profits through these third party apps. The problem is particularly acute with some of the Chinese mobile manufacturers. Xiaomi, for example, by some estimates, earned 9.1% of its revenue in 2018 through these pre-loaded apps and services. Samsung and other manufacturers have also adopted such business models, especially at the lower end of the price spectrum. However, this low price for customers often comes at a significant cost. Apart from consuming unnecessary space on the phone and being a drain on the device’s battery, these apps pose serious security threats because they collect user data in surreptitious ways that can easily be misused.

Surprisingly, the issue has received very little attention in both academic and policy circles. However, a paper titled An analysis of Pre-installed Android Software by researchers at the IMDEA Networks Institute, brings forth significant issues with these pre-installed apps.

Also read: Everyone’s talking about TikTok but ‘100 million’ Indian smartphone users are missing this app

What data is being collected?

These apps are designed to have what can be called custom permission that allows them bulk access to various features that are not available to other apps. Highlighting the gravity of the risk, the paper notes: “These actors have privileged access to system resources through their presence in preinstalled apps but also as third-party libraries embedded in them. Potential partnerships and deals – made behind closed doors between stakeholders – may have made user data a commodity before users purchase their devices or decide to install software of their own”

The paper also found that these apps collect extremely sensitive information that can range from data related to geo-location, information regarding other apps that a consumer is using on the phone to even personally identifiable information. All this data collected is shared with the advertisers and other analytics firms. These pre-installed apps have also been found to have embedded third-party libraries like Rootnik that can expose the users to banks and other kinds of monetary fraud. Such practices raise concerns about the privacy of individual users.

Also read: TikTok distanced itself from China in letter to Modi govt before India banned it: Report

Challenges regulating pre-installed apps

There are challenges in regulating these apps, especially in the absence of a robust data protection law. The device manufacturers work with a large network of vendors, and at times, it becomes difficult to trace the legitimate developer of such an app. This makes it difficult to fix accountability, which is further complicated by long supply chains in the app development business. However, South Korea has sought to regulate  use of such apps by imposing obligations on the handset manufacturers. These regulations require the phone makers to allow such pre-installed apps to be deleted, if a user wishes to, without compromising any of the functionalities of the device. Only four categories of apps: Wi-fi connectivity, near-field communication, customer service app and the Play Store have been allowed as an exception from this rule.

China has also adopted a similar approach. While the US and Europe don’t have specific regulations for these apps, they do have fairly robust laws on data protection, which does provide some level of security against these practices.

Also read: Chinese investments enjoy treaty protection. Beijing can drag New Delhi to tribunals

What India can do

Given that India does not yet have a dedicated law on data protection and the heightened privacy concerns associated with these apps, regulators in India must take proactive steps. Possible regulatory approaches can range from outright banning of such pre-installation to regulating it on the lines of South Korea. However, merely giving the option to delete these apps to the consumers may not be very effective in India as a large number of users here are not aware of the hidden risks associated with the use of such apps.

Therefore, the most effective way could be to make it obligatory on the device manufacturers to also provide the users with sufficient information on such apps, including full disclosure on the type of data being collected, the purpose for which data will be used and the entities with which such data will be shared, if any. Also, all this information should be communicated in a language that the user can understand easily. This approach will allow consumers to make an informed choice about the apps they want to use on their phones and risks associated with the same.

It is surprising to see that the issue has not received the attention that it deserves given the stakes involved. However, it is better late than never. Regulators must take note of this potential security lapse, especially in the light of current developments.

Ravi Shankar Jha @ravijhatweets is a Senior Investment Specialist at Invest India, Ministry of Commerce. Views are personal.

Subscribe to our channels on YouTube & Telegram

Why news media is in crisis & How you can fix it

India needs free, fair, non-hyphenated and questioning journalism even more as it faces multiple crises.

But the news media is in a crisis of its own. There have been brutal layoffs and pay-cuts. The best of journalism is shrinking, yielding to crude prime-time spectacle.

ThePrint has the finest young reporters, columnists and editors working for it. Sustaining journalism of this quality needs smart and thinking people like you to pay for it. Whether you live in India or overseas, you can do it here.

Support Our Journalism



  1. What about preinstalled Google apps? They are also a big impediment to competitive local ecosystem. Ex. I can’t uninstall chrome and use jio browser. I can’t uninstall Google drive for One drive/Airtel cloud/jio cloud. I can’t uninstall Google music for saavn or gaana. I can’t uninstall Google games. I can’t uninstall Google launcher, Google photos app, Google Go files app. They all are hindrance to build domestic vibrant ecosystem of apps. Only banning China apps or talking about Xiaomi preinstalled apps won’t help. Don’t make such flawed policies.

Comments are closed.