Who touched your phone? Pre-installed apps on mobile phones catch you off guard

by anonymous on 2013-10-10 19:30:11

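Coordinated by New Express reporter Hong Wenfeng; reported and written by New Express reporters Chen Qinglin and Lu Yunlong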

Recently, CCTV's weekly quality report exposed the dark secrets of pre-installed software on Android phones: some pre-installed apps cannot be deleted through normal means. If users attempt to delete these apps by obtaining ROOT permissions themselves, customer service representatives from phone manufacturers warn that this will void the warranty. The investigation also revealed that after software is implanted into phones via firmware flashing, every activation of a pre-installed app generates economic benefits ranging from 0.8 yuan to 2 yuan for phone manufacturers, sales agents, and firmware flashing companies alike. A small-scale firmware flashing operation can generate profits exceeding one million yuan per month!

Channel distributors are the biggest culprits

In order to accelerate the popularization of smartphones, operators provide subsidies for their customized phones. At the same time, phone manufacturers install a rich set of applications, including currently popular apps as well as apps developed in-house under their own brands. This helps promote brand awareness and stimulate public interest in using smartphones.

Reputable manufacturers test pre-installed phone apps; applications that do not pass the test are not placed on the phone, and the manufacturers apply strict monitoring standards, including strict control over data usage and battery consumption. Phone manufacturers also require apps to be compatible with the phone, meaning the software must be optimized for it as far as possible. Some applications are designed specifically for certain phone models and can be said to be bundled with the phone itself, so the requirements for them are stricter, and they generally will not adversely affect the phone.

With no tricks coming from phone manufacturers or operators, the prime suspect in tampering with mobile users' interests is the channel distributor. According to informed sources involved in research on the smartphone app industry chain, even for counterfeit phones, pre-installed software undergoes compatibility testing before leaving the factory to ensure it does not interfere with the phone's operation. The real chaos in smartphone app pre-installation occurs in the distribution channels. Many unscrupulous firmware flashers load ROMs with many software packages, some of which may include hidden fees. Mobile phone dealers can pre-install software on phones, mainly through firmware flashing, embedding the software directly into the ROM. On websites like JiFeng Forum and Application Hub, many "technology companies" primarily engaged in firmware flashing services can be found. As long as the phone runs Android, they can create firmware packages, and they market mainly to mobile phone dealers.

"Unanimous approval" profit chain

It's easy to dodge overt attacks but hard to guard against covert ones. On operator-customized phones, fee-charging software requires SMS confirmation, so users can decline at the prompt. If it is discovered that the manufacturer pre-installed unreasonable fee-charging applications through third-party software service providers at the time of production, legal action can be pursued against the phone manufacturer. However, the third way, in which sellers collaborate with manufacturers using channel promotion as leverage, or pre-install applications through later-stage firmware flashing, presents problems that are difficult for users to resolve.

Revenue generation through channel methods can occur even when services are free, as long as advertisements are pushed and content promoted, generating value. Software manufacturers can earn revenue by charging advertisers and content providers. For example, a hotel booking mobile client can display check-in information for multiple hotels in various locations. After successfully placing a hotel reservation using the software, the relevant hotel needs to pay a commission to the software provider.

The investigation found that last year, a small warehouse in Huaqiangbei could flash firmware on 50,000 phones in a day. This year, 400 million legitimate phones will enter the market, and 70% of these phones have been flashed by large distributors and chain dealers. Thus, a small workshop can make over a million yuan annually. Estimating the volume of larger workshops is even more challenging, as huge profits drive many into the firmware flashing industry.

An informant's revelations were even more surprising. According to him, 70% of the phones entering mobile phone chain stores have been flashed, including well-known chains like Suning and DixinTong. The publicly available "Pre-installed Fee Table" shows that, calculated per activation on a single phone, phone software providers pay manufacturers between 0.8-1 yuan, agents between 1-1.5 yuan, and various levels of distributors between 1.5-2 yuan. Payments to the firmware flashing companies operating between software providers and distributors are also between 1.5-2 yuan. In the "profit-sharing" table, downstream charges are slightly higher because after upstream distributors flash firmware, lower-level distributors might remove it, whereas downstream distributors' firmware flashing is the safest, resulting in higher software retention rates. Phone manufacturers can gain benefits through revenue sharing, firmware teams can easily make money through firmware flashing, and third-party software developers can charge merchants commissions based on activations and clicks. Everyone is happy—except the users.

People are increasingly dissatisfied with this "adware" on their phones. Even when it comes pre-installed, users mostly choose to abandon it, disable it, or find ways to delete it. Since this practice is so detested, why are so many manufacturers, dealers, and firmware flashing companies still enthusiastic about pre-installing phone software? A CCTV interview with a marketing person from a phone manufacturer showed that providing pre-installation services is profitable for manufacturers, phone agents, and sellers alike. Therefore, those who did not participate in malicious firmware flashing or installing harmful software either chose to assist or turn a blind eye.

Thus, a "unanimously approved" profit chain was formed, and the only victim of this profit chain is the phone user. In response, Consumer Association lawyer Qiu Baochang clearly stated: Pre-installed software that is difficult to uninstall and leads to difficulty in obtaining warranty service violates consumer rights protection laws and mobile phone three-guarantee regulations, infringing upon consumers' right to know, right to choose, and right to fair transactions.

N sins of pre-installed phone software

With the increasing popularity of smartphones, mobile software has become a new industry. However, some newly purchased phones come pre-installed with dozens of apps that users cannot uninstall, affecting performance speed and wasting phone data, slowing down users' phones and draining batteries. Some software even secretly charges users, posing a significant threat to smartphone users' expenses and information security.

Sin #1

Secretly running, slowing down performance

According to CCTV reports, Beijing consumer Xiao Wang noticed after purchasing a new phone that it came pre-installed with nearly 20 apps, most of which he didn't need. In Xiao Wang's view, these varied apps, although excessive, did not affect phone usage, so he paid no attention. However, soon after, Xiao Wang noticed his phone was getting slower.

To verify his suspicion, Xiao Wang sought help from a software safety detection agency in Beijing. Experts discovered that among the dozen pre-installed apps on Xiao Wang's phone, eight were running in the background without any visible presence on the main screen.

A phone expert pointed out that as the phone system starts up, the number of automatically running programs increases, inevitably leading to slower phone performance.

Sin #2

Secretly charging, stealing data

Secretly running and slowing down the phone is not the only problem. Mobile security experts say that as the number of automatically running programs increases after the phone system starts up, the phone gets slower, and these programs interact with the manufacturer or update software, consuming phone data. In other words, these pre-installed apps may increase your internet costs without your knowing it.

Additionally, in pursuit of profit, some phones are pre-installed with large amounts of junk software that secretly charges users. For instance, a piece of malicious software named "Piranha," exposed last year, not only disrupted normal use but also secretly charged users, deducting over 50 million yuan in phone fees annually. Similarly, another piece of fee-charging software, disguised as an "Android Upgrade Patch," infected phones through mass SMS messages, making enormous profits considering the cost per message is only one to two fen.

CCTV reported that a mobile phone safety detection agency in Beijing discovered in the first half of the year that software in a gray-market phone secretly operated the phone, automatically sending SMS messages and pushing advertisements, causing financial losses and privacy breaches for phone users. A phone software engineer stated that the purpose was to earn related profits through advertisements and continuously updating the software to control phone users as "bots."

Sin #3

Cannot be normally uninstalled

Compared to the previous two sins, what is more shocking is that users cannot uninstall these apps through normal channels. When attempting to uninstall, the system displays "restore program to factory version" rather than completely uninstalling it, making it impossible to remove.

Indeed, some advanced phone enthusiasts can obtain root access through firmware flashing to delete the troublesome apps. (Root access, also known as "super administrator" access, allows operations on system files and programs within the phone. To prevent inexperienced users from accidentally deleting important system programs, root access is generally not granted to regular users.) However, according to CCTV reports, if users modify the phone system through root access and delete pre-installed apps themselves, their phones will no longer be eligible for warranty service.

The pre-installed phone apps are neither useful nor removable, and if users choose to modify the system to delete the apps, they forfeit their rights under the national three-guarantee policy. Faced with such awkwardness and helplessness, users have no choice but to endure the extra software running in the background and continue paying for the increasing phone data.

Sin #4

Possible leakage of user privacy

The CCTV report also mentioned that some non-uninstallable apps automatically run, consuming a large amount of data. Especially for gray-market and counterfeit phones, there is a possibility that they secretly operate the phone, automatically sending SMS messages and pushing advertisements, causing financial and privacy losses for phone users.

The National Internet Emergency Center released the "Second Quarter 2013 China Mobile Internet Application Security Detection and Analysis Report." Previously published data showed that the National Network Information Security Technology Research Institute has so far detected over 2000 malicious applications, which have been downloaded nearly 45 million times, accounting for 11% of all application downloads. This means that out of every 9 apps downloaded, one is malicious software. Among the exposed phone applications, the top four each had download volumes exceeding 2 million, with total downloads reaching tens of millions. These malicious programs often disguise themselves as games, interface beautification programs, or commonly used tools. Some contain Trojan viruses that destroy phone systems, others privately subscribe to additional services while quietly intercepting confirmation SMS messages from operators, and some even record users' account passwords for the software they log in to, stealing payment accounts.

Additionally, experts stated that some suspicious applications do not actively attack phones but collect user account information and geographical location data, and can even automatically connect to networks and activate Bluetooth to send and receive data. These functions not only invade user privacy but could also pose threats to personal safety.