Jump to content

Bloatware: Difference between revisions

From Consumer Rights Wiki
← Older editNewer edit →
VisualWikitext
Rudxain (talk | contribs)
confirmed, superconfirmed
890 edits
m specify section in archive URL: "infinite-state" heading
Rudxain (talk | contribs)
confirmed, superconfirmed
890 edits
m expand and link PII; hyphenate "geolocation"
Line 13: Line 13:


==Why it is a problem<!-- There should be information added regarding the users' lack of ability to remove bloatware as well; this is a particularly relevant topic for consumer rights because it means that a person does not have the power to determine what programs and apps are on their devices. -->==
==Why it is a problem<!-- There should be information added regarding the users' lack of ability to remove bloatware as well; this is a particularly relevant topic for consumer rights because it means that a person does not have the power to determine what programs and apps are on their devices. -->==
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection incluing PII and geolocation data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>


Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>.<!-- These privacy and security concerns should be detailed and explained. It would be the core point of this article. --> As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state ([http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state Archived])</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the app is not [[wikipedia:Open-source_software|open-source]] or [[wikipedia:Source-available_software|source-available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.
Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>.<!-- These privacy and security concerns should be detailed and explained. It would be the core point of this article. --> As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state ([http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state Archived])</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the app is not [[wikipedia:Open-source_software|open-source]] or [[wikipedia:Source-available_software|source-available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Revision as of 03:29, 12 March 2026

Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

There are multiple definitions of bloatware within the context of software. They include:

While the term "bloatware" is commonly ascribed to software, hardware bloat also exists.[1] See IoT devices for examples.

Bloat can be a symptom of a decline in quality of devices and services, colloquially referred to as enshittification.

Why it is a problem

Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including personally identifying info (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.[2]

Bloat, in any of its forms, raises privacy and security concerns[3]. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness[4], making it impractical or impossible to verify that a program is not malicious (such as spyware) or has an exploitable vulnerability. The problem is exacerbated if the app is not open-source or source-available, since reverse engineering is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par user experience:

  • Increased latency, "slowness", when using programs and applications[5]
  • High memory use prevents or impedes multitasking[6]
  • High power usage increases energy bills and reduces battery lifespan
  • Over reliance on network connections (e.g., internet) preventing data from being cached locally[7], which can both impede access as well as increase cellular-data billing
  • Instability issues due to difficulty in testing and verifying big codebases

If sustainable energy sources are not used to power these devices with bloatware, bloat can contribute to climate change. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as AI training).

See also

References

  1. Ionescu, Bogdan (2025-09-13). "Hosting a WebSite on a Disposable Vape". BogdanTheGeek's Blog. Archived from the original on 9 Feb 2026. Retrieved 2026-01-15.
  2. J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013. https://ieeexplore.ieee.org/document/9152633 Accessed 26 Feb 2026. (Archived)
  3. Hubert, Bert (2024-02-08). "Why Bloat Is Still Software's Biggest Vulnerability". IEEE Spectrum. Archived from the original on 31 Jan 2026. Retrieved 2025-11-21.
  4. https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state (Archived)
  5. https://developer.mozilla.org/en-US/docs/Web/Performance (Archived)
  6. https://en.wikipedia.org/wiki/Thrashing_(computer_science) (Archived)
  7. "Local-first software: You own your data, in spite of the cloud". Ink & Switch. 2019. Archived from the original on 30 Jan 2026.
Retrieved from "https://consumerrights.wiki/index.php?title=Bloatware&oldid=42830"