Mobile Threat Blog

Everyone hates craplets, also known as system apps or bloatware: those useless apps that come bundled with OEM computers and with third-party Android phones. But craplets might be more than an annoyance, especially to enterprise security staff.

Craplets, because they are bundled by an OEM, aren’t subject to the vetting process Google normally applies to apps found on Google Play. Therefore, they represent a higher level of risk than apps we download from approved stores.

Worse, some power users can’t live with these apps, which can’t be deleted by normal means, so they root their Android device in order to delete them. Once an Android device has been rooted, it constitutes another level of risk, since most malware exploits only work on rooted Android devices.

This, ironically, is a case of apps that are riskier if they aren’t on the device than if they are, because this class of apps can only have been deleted due to the device being rooted.
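One way an enterprise compliance job could act on that observation, as an added example that is not part of the original post: compare a device's system package list against the set of apps the OEM preloaded on that model, and flag the device for review when any are missing. The baseline package names and the sample `pm list packages -s -f` output are constructed placeholders, and the function names are hypothetical.

```python
"""Flag OEM-preloaded packages that are missing from a device's system app list."""

# Constructed baseline: hypothetical placeholder names, not real OEM apps.
OEM_BASELINE = {
    "com.example.oem.store",
    "com.example.oem.weather",
    "com.example.carrier.hub",
}

# Constructed sample of `pm list packages -s -f` output
# (format: package:<apk path>=<package name>).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Store/Store.apk=com.example.oem.store
package:/data/app/~~Qx1z==/com.example.oem.weather-a9Jk==/base.apk=com.example.oem.weather
package:/system/app/Dialer/Dialer.apk=com.example.dialer

WARNING: linker: unrelated noise line
"""


def parse_system_packages(pm_output):
    """Return the set of package names found in `pm list packages -s [-f]` output."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and shell noise
        # Paths of updated system apps can contain '=', so split on the last one.
        # Without -f there is no path and the whole remainder is the name.
        _path, _sep, name = line[len("package:"):].rpartition("=")
        if name:
            names.add(name)
    return names


def missing_preloads(baseline, pm_output):
    """Return baseline packages absent from the device, sorted for stable reporting."""
    return sorted(set(baseline) - parse_system_packages(pm_output))


def assess(baseline, pm_output):
    """Summarise the check as a record a compliance job could log."""
    missing = missing_preloads(baseline, pm_output)
    # A missing preload is an indicator to investigate, not proof on its own.
    return {"missing": missing, "flag_for_review": bool(missing)}


if __name__ == "__main__":
    print(assess(OEM_BASELINE, SAMPLE_PM_OUTPUT))
```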

No one likes craplets, because they clutter up the device and are rarely found to be useful. But in some cases, it’s far worse: craplets can cause a user to compromise the device, which could lead to malware, which in turn could lead to a major breach.