The pre-installed crapware that fills many Android phones is more than just annoying -- it also frequently opens up big security holes. Here's how to kill the crapware and keep your phone safe and in tip-top shape.
The crapware problem is much worse than you think. New research by the Department of Computer Science at North Carolina State University found that many popular Android phones are vulnerable because of security holes introduced by pre-installed apps you don't want.
The researchers examined ten Android phones, looking for how much crapware is on each, although they preferred the gentler and more academic-sounding term "vendor customizations." They then examined the crapware to see if it made the phones more vulnerable. The phones they studied were Google's Nexus S and Nexus 4, HTC's Wildfire S and One X, Samsung's Galaxy S2 and S3, Sony's Xpreia Arc S and Xperia SL, and LG's Optimus P350 and P8880. The results are sobering -- and scary. Here's the summary of their findings:
"Our results also show that vendor customizations are responsible for a large proportion of the vulnerabilities in each phone. For the Samsung, HTC, and LG phones, between 64.71% and 85.00% of the vulnerabilities were due to vendor customizations. This pattern was largely stable over time, with the notable exception of HTC, whose current offering is markedly more secure than the last-generation model we evaluated."
The core of the problem are apps that the researchers call "over-privileged." That means that apps get more access to the phones' various systems, data, and resources than they actually use. That leaves the phone open to exploitations.
Of the phones, which are the least and most secure? Here are the findings:
"The HTC Wildfire S is still the least secure pre-2012 device, but only by a hair -- the Samsung Galaxy S2 has only one fewer vulnerability. The Sony Xperia Arc S is tied with the Google Nexus S for the most secure pre-2012 device. Meanwhile, there is a complete shake-up among the post-2012 devices: the Samsung Galaxy S3 has 40 vulnerabilities to the LG Optimus P880's 26, while the HTC One X (at 15 vulnerabilities) falls to mid-pack, behind the Nexus 4 (at three) and the Sony Xperia SL (at eight)."
Even if you don't have one of those phones, pre-installed crapware is making your phone less secure. So to make your phone safer, you should disable or kill the crapware. There's the easy way and the hard way. The easy way disables the apps but doesn't remove them from the device. And to use it, your phone has to have Ice Cream Sandwich (Android 4.0 or above). The hard way requires you to root your phone, then use a free app.
If you've got Android 4.0 or above and want to disable the crapware without rooting the phone, here's how to do it. Note that many manufacturers have customized Android, so the instructions here might differ a bit from what you'll see on your phone. But the general instructions and principles are the same.
First, go to Settings. You'll find the Settings menu in the App Menu , or else you can get there by pulling down the notification drawer and tapping Settings. Once you're there, go to "Apps." Depending on your phone, it might be called "Manage Apps," or even "Application Manager."
Now swipe to the All apps list. Scroll to find an app you want to disable. Tap it. The App Info page appears. If the app isn't true crapware, there will be an Uninstall button. Simply tap the button to uninstall the app. But if it is crapware, an Uninstall button won't be there. There will, however, be a button that reads either "Uninstall updates" or Disable. If there's an "Uninstall updates" button, tap it. The button will change to read Disable. Tap the Disable button. That will disable the app, and from now on, the app won't launch in the background. If you want to enable the app, head back to the All apps list. You'll find disabled apps at the bottom. Tap any you want to enable, then tap the Enable button.
Disabling the app, won't actually remove it from your system, which means it will take up hard disk space. That shouldn't be a problem. But if you absolutely, positively want to get the app off your system, you're going to have to root your phone, then use a free piece of software called NoBloat Free. There are plenty of ways to root your phone, and my suggestion is to do an Internet search. Keep in mind that it can prove to be problematic, and you'll void your phone's warranty if you do it, so make sure it's really something you want to do. A few good starting points are this page from Android Central and this page from LifeHacker. Once you've rooted the phone, run NoBloat Free.