In order to differentiate their offerings from the competition, vendors are unnecessarily introducing a host of potential security issues that don't seem to be improving over time, computer scientists at North Carolina State University reported.
They said they looked at pre-installed apps on flagship phones from Google, HTC, Samsung, LG, and Sony, analyzing the number of pre-installed apps, which permissions they have, and whether they contain any vulnerabilities.
In total, the devices had 1,548 pre-loaded apps, 82 percent of which were added by vendors to customize the device, ZDNet reported Wednesday.
The biggest problem from a security perspective, the computer scientists said, was that they behaved badly; 86 percent of all pre-loaded apps requested more Android permissions than they actually use, which they term as "over-privileged."
All vendors performed poorly in this, the researchers said.
Even when possible security risks represented by over-privileged or vulnerable apps are identified, Android smartphone makers are slow to release security patches and then only for some of their devices, the researchers said.