By APCNews 13 January 2020
On 8 January 2020, Privacy International issued an open letter to Sundar Pichai, CEO of Google parent company Alphabet Inc., asking Google to “take action against exploitative pre-installed software on Android devices.” The letter is both a caution and a call to action against exploitation of smartphone users by manufacturers who put profit over privacy by pre-installing apps, known as “bloatware”, on low-cost devices.
The campaign on privacy safeguards for users of low-cost technology has been endorsed by over 50 other global organisations, including the Association for Progressive Communications (APC). It urges Google to address their substandard privacy and security settings built into low-cost Android devices, which run pre-installed apps that users cannot delete and which may compromise their data. The recommendations include giving users the ability to permanently uninstall these apps (and related background services), ensuring that any such apps follow the same permissions controls as Google Play Store apps, and building update mechanisms into these apps. Furthermore, the letter notes that Google should refuse to certify devices through their Play Protect services on privacy grounds in cases where manufacturers load pre-installed apps into devices. As it stands, the warning by Google that “devices that aren't Play Protect certified may not be secure” is meaningless when exploitative, permanent and unmonitored bloatware comes pre-installed even on devices that are certified by Google Play Protect.
APC supports the points raised and agrees with Pichai that “privacy cannot be a luxury offered only to those people who can afford it.” We furthermore note that it is important to consider the people who primarily use these low-cost devices, and the countries and regions where they are most prevalent. In particular, users in low-income regions who may not be able to afford high-end devices are particularly susceptible to this form of exploitation, rendering them increasingly vulnerable to privacy and security breaches. The impact on their lives from exploitative business models may pose heightened risks by leaving them vulnerable to government and/or lateral surveillance. Consider, for example, cases where mobile phones are used in campaigns to combat online gender-based violence, in the defence of indigenous people’s human rights, or for political participation by citizens. Mobile phones can be powerful tools, but can also leave users exposed and vulnerable without proper measures to ensure accountability, security and transparency.
As ICT and human rights advocate David Souter notes, a phone is not a phone in the digital society; it has the potential, for better or worse, to be so much more. Google has the responsibility to create more socially and ethically responsible models of privacy and security, particularly for low-cost device users. We call on CEO Sundar Pichai to address the urgent changes outlined in this statement in order to implement directives that protect people against exploitative business models.