Over 50 organizations including the Privacy International, Digital Rights Foundation, DuckDuckGo, and Electronic Frontier Foundation have written an open letter to Alphabet and Google's CEO Sundar Pichai about exploitive pre-installed bloatware on Android devices and how they pose a privacy risk to consumers.
The open letter says that all Android OEMs pre-install their devices with apps that cannot be deleted and that due to their privileged custom permissions, they can bypass the Android permission model. This allows them to gain access to the microphone, camera, and location without user intervention. This has led many smartphone OEMs to collect user data without their explicit permission and use it for their benefit.
Thus, the group wants Google to make some changes to how Android handles pre-installed apps a.k.a bloatware. They want the company to provide users with the ability to permanently uninstall all pre-installed apps on their devices. While some pre-loaded apps can be disabled on Android devices, they continue to run some background processes which makes disabling them a moot point.
The open letter requests Google to ensure that pre-installed apps go through the same scrutiny as all the apps listed on the Google Play Store. They also want all pre-installed apps to be updated through Google Play even if the device does not have a user logged into it. Google should also not certify devices on privacy grounds if it detects that an OEM is trying to exploit users' privacy and their data.
Google made a number of privacy-focused changes in Android 10 but there's a lot the company can still do to secure the platform and keep users safe from pre-installed apps that exploit their data.