当前位置: X-MOL 学术J. Netw. Comput. Appl. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Pleasure or pain? An evaluation of the costs and utilities of bloatware applications in android smartphones
Journal of Network and Computer Applications ( IF 8.7 ) Pub Date : 2020-02-19 , DOI: 10.1016/j.jnca.2020.102578
Haroon Elahi , Guojun Wang , Jianer Chen

We investigate the privacy, security, and trust issues of the Android bloatware applications and evaluate the claims regarding their utility and the coverage of the functional needs of different end-user market segments. We analyze 17,179 bloatware applications, extracted from the firmware of 100 Android smartphones manufactured by nine leading original equipment manufacturers (OEMs), and conduct an online user study to validate the utility and coverage claims. We find an average of 172 bloatware applications in the firmware of examined smartphones. We discover that most of the bloatware applications can access sensitive data and critical device features in smartphones and perform critical functions. Their nature and abilities due to the use of Dangerous, Custom, and Signature Android Permissions can make privacy protection a complex task for the smartphone users, introduce trust issues, and expand the attack surface in the smartphones. We also provide a non-exhaustive set of examples of bloatware applications from smartphones of all nine brands that violate trust. Coming to their utilities, findings of our online user study involving 180 participants suggest that while most of the respondents agree that bloatware applications are useful to some extent, 39% of the respondents use 0–5 bloatware applications. An additional 35% of respondents use 6–10 bloatware applications. We also find that for their diverse functional needs, users depend more on applications acquired from different application markets. The results of our research suggest that while the pains of the bloatware applications are real, the claims regarding their pleasures need further investigation. We urge that the number and abilities of smartphone bloatware applications need to be constrained proportionally to their practical utilities for their users, and they must conform to security and privacy requirements for trustworthy systems.



中文翻译:

高兴还是痛苦?评估android智能手机中的膨胀软件应用程序的成本和实用性

我们将调查Android bloatware应用程序的隐私,安全性和信任问题,并评估有关其实用性和不同最终用户市场细分的功能需求范围的声明。我们分析了17179种膨胀软件应用程序,这些应用程序是从9家领先原始设备制造商(OEM)生产的100部Android智能手机的固件中提取的,并进行了在线用户研究,以验证实用程序和承保范围。在检查过的智能手机的固件中,我们平均发现172种过时软件应用程序。我们发现大多数膨胀软件应用程序都可以访问智能手机中的敏感数据和关键设备功能并执行关键功能。由于使用了危险,习俗,签名和Android权限可以使隐私保护成为智能手机用户的一项复杂任务,引入信任问题,并扩大智能手机的攻击面。我们还提供了来自九个违反信任关系的所有品牌的智能手机上的过时软件应用示例的详尽介绍。谈到它们的实用程序,我们的在线用户研究结果包含180名参与者,这表明,尽管大多数受访者都认为bloatware应用程序在某种程度上是有用的,但39%的受访者使用0-5 bloatware应用程序。另外35%的受访者使用6–10个过时软件应用程序。我们还发现,由于其多样化的功能需求,用户更多地依赖于来自不同应用程序市场的应用程序。我们的研究结果表明,尽管膨胀软件应用程序的痛苦是真实的,有关他们的快乐的主张还需要进一步调查。我们敦促智能手机膨胀软件应用程序的数量和功能需要与其用户的实用程序成比例地加以限制,并且它们必须符合可信赖系统的安全性和隐私要求。

更新日期:2020-02-19
down
wechat
bug