I looked through the AppHub APK last year after a friend told me they'd found unknown apps installed on their flagship Samsung, and I was very surprised to find some of the same "direct download" references you did.
I've known for a long time that T-Mobile shipped junk apps upon initial setup, but seeing them loaded OTA after a single click on an ad (even a few pixels off of the "x" button) is very concerning. Even putting aside the moral issues with practices like this, that's a huge security hole in a very large percentage of Android phones.
ADB can show you what package install'd a package. I've been running a setup but I gernally buy a bunch of the same phone, but after they get wifi they install masive amounts of junk.
Yup, can see what package installed a package both via ADB and even in the Settings > Apps GUI. Of course that's a slightly different question from whether the install was nonconsensual.
Are there any apps designed to specifically gate every install, including background OTA installs sent by carriers, because I'm security conscious with my devices but I have family who very much are not.
Ideally, I can just nag my non-tech savvy relatives to let me install such a security app for them and then enjoy having peace of mind for their behalf.
Not buying a carrier phone or buying an iPhone (which doesn't permit carriers to inject the same type of crap into the device, they can only influence access to certain settings). AppLovin cannot install anything in the background without deep system access, and manual installation of non-Google apps requires confirming at least three popups.
There are antivirus apps on Android that will warn you for this crap, but an antivirus cannot work on an operating system designed to install malware.
Having non-tech-savvy relatives throw out their phones, buy thousand dollar hardware and swap to an operating system they are unfamiliar with is an absolutely terrible solution to the problem.
Hyperbole of this comment aside, what else do you suggest then?
It's a fundamental tradeoff between allowing multiple ways for apps to be installed or forcing everything through a single installation workflow (a la iOS and its App Store).
Nothing in my comment was hyperbolic. The median price of a current gen iphone is $999. The people OP is asking about are not typical HN users; asking them to change phone operating systems is an unreasonably onerous ask.
OP had a good suggestion for a solution, something that allows gating surprise app installs.
I’m not saying that you should cajole them into doing something they don’t want to do, but in case it’s useful to anyone else reading this, I had a good experience having family make that switch for that reason. Having used Google, Samsung, and Apple phones extensively, I knew that switching to iOS is way less frustrating than going in the other direction, or even from vanilla Android to Samsung, IMO. The iPhone 16e is more than sufficient for a non-demanding users and is $599 totally unsubsidized, without trade-in, and they really do keep ticking for years for basic needs. (I got them iPhone SEs years ago and they just upgraded recently.) Quite usefully, my family lives near a few Apple Stores, so they can go in and get user support (including backup/phone reset type stuff) for free nearly on-demand, which saved me a lot of time mitigating someone just downloading some bullshit that had a name like “Weather Zone Plus Free Pro Traffic Weather News Games Center Deluxe Free (no ads)” that totally horked their setup.
$599 for a phone is frankly exorbitant for what is required here.
The phone they have have that was being asked about is probably either free or close to it with carrier incentives.
Here on HN we are in a bit of a bubble. Most users of this site can just make a $500 purchase if they want to and not think about it. The median American's liquid savings are well under $10k, and buying the least expensive iPhone is a burden. "Buy an iPhone" is not a suggestion that should be made to a person who would have to put it on a credit card and would be unable to 0at.it off that month.
And you can get iPhone 14s for $99 on occasion as long as you commit to prepaid service from Total Wireless/Trac Fone for 3 months (so about $180 - so your total price for the phone and 3 months of service is about $300) or you can use carrier trade-in deals to get hundreds of dollars off an iPhone 17, as long as you stay on a postpaid plan and take the credit over 3 years.
Yes, there are way more options to get sub $500 Android phones, but pretending like an iPhone is too expensive for most Americans when carrier deals are often as good or better for iPhone options (to say nothing of the older phones being sold by Total Wireless and the like) and when more people in the United States use iPhone vs Android is a little bit silly.
We just got $1130 from Verizon for my husband's old iPhone 14 Plus towards his new iPhone 17 Pro (I get a new phone every year so I’m just on the Apple Upgrade plan or I buy it outright each year, whereas he gets a new phone every 3 years or so), making it essentially free (we had to change the plan he was on but it cost the same as the old plan) and if he’d wanted a regular iPhone 17, he could’ve dropped down to a cheaper phone plan too. A 16e would’ve been even less than that.
I guarantee that a) they can get a hell of a lot more phone than that with carrier incentives, and b) if you compare Android phones released when that phone was released, you’re not going to see anything more than a hundred or two cheaper. And as much as I miss my salary, which was comparatively meager by standards here, I haven’t worked in the software business in years. I’m in my early career in a blue collar manufacturing trade, and not even in a major metropolitan area. I’ve been accepted into means-tested low-income programs within the past 6 months. I’ve got a pretty grounded understanding of what people outside of the Silicon Valley cultural sphere consider reasonable to spend on a phone, and what features they’d expect for it.
Anyone who is trying to save money shouldn't buy the "median" device. Just get an older iphone or the SE if you want it. Doesn't make sense. “I’m in top 10 percent of price conscious users so I want 50th percent device”? Just illogical behavior.
It's not even a hundred dollars for the 2020 SE model which still has 2 years of updates in it. For the newer 2022 model it's under 200 from refurb sellers. You can get 13s for under 250. You can even get apple care with the new subscription model and sneak a new battery for 12 bucks. Arguing with bogus facts is bad manner.
You're awfully cavalier with other people's money. Some would call that "bad manners" too since you brought it up.
Buying a $100 phone every other year when offered an android phone for free from the carrier is a meaningfully bad financial decision for people less well off than yourself. You are fortunate to be in a position to not have to worry about money like that, but try to have compassion for people less rich than yourself.
Oh stop the wiggling. You said hundreds of dollars and they aren't. Now you are switching your argument to "free phones" there are no free phones you still pay for them. In lower income countries your carrier even installs malware as part of their bloat itself. The backmarket prizes in these countries are even more attainable for older iPhone models. Instead of paying your shady carrier you can finance the refurbs. Just stop making shit up and the petty emotional misdirection when you are called out. Judging from your other comments in themis thread it's your go to discussion instrument...
You're making an impressively bad faith argument here.
Yes if you buy an ancient device it is less. If we compare apples to apples, or apples to androids, you could buy an equally old android device for next to nothing. Any "wiggling" was because the discussion was about new devices before you decided to pretend to miss the context clues.
You are delusional if you think that there exists an iPhone that is not much more expensive than a lower end Android of a similar age. All the namecalling and pretending in the world won't make it otherwise.
Take the hourly billing for those of us who work that way. Multiply by family tech consulting time. It's probably cheaper to buy an iPhone for everyone!
At least this used to be true in the halcyon days when iOS was simple.
On the other hand, iOS is popular because of quality issues like this. Android is only as good as it is because of the competition from Apple.
Before the iPhone you couldn't even get the "cool" phones in America, Japan had so much better things available and everybody envied what wasn't available here.
The reason we have any control from the carriers was the power Apple had and the stubbornness of Jobs.
A lot of the battles being lost by Apple are being won by groups who will make the ecosystem worse.
I mean sure, the iPhone did a ton to create the modern smartphone as we think of it. If you as a user care about that history and want to support what Apple does, you should buy their devices.
That doesn't make it a reasonable device for a sizable segment of the non-tech-savvy population though.
The only walls that need to be in place to prevent this are against malicious carrier app stores. There's no need to restrict users here, which is what people complain about.
Stopping carriers from ruining phones is quite popular on HN from what I've seen.
I’d bet a large sum of money the safari user agent holds the top spot for total number of mobile users for Tuesday US office hours. Maybe dang can validate or reject the hypothesis.
You could try looking at "MDM" products. They're mostly targeted at corporations, and tend to be server based (OS calls the server directly) rather than on-device apps. But they can do some of these kinds of things.
Modern Android devices now have the "Device Protection" option that does a bunch of things, including disabling side loading. And I think you can enforce this via work profiles too.
iOS famously doesn't allow reloading themes or software. It's part of why they struggled to find a carrier to launch with in the beginning, because carriers modifying phones used to be the norm.
There are settings carriers can push to iOS (access to features like tethering, some network configuration stuff) but this type of malware cannot be pushed onto iOS. At worst, carriers push shitty Java applets to the (e)SIM, but that's all sandboxed off from any user interaction.
The two options are reach over all else, or control of its customers and overcharging them at every turn over all else.
One is not obviously better than the other, though I'll grant that Apple has managed to get their users to a place where being subjected to them has become a point of pride, which is impressive.
If we look iphone versus the direct google phones, both are quite expensive and at this point google's about $800/TB for storage upgrades is actually worse than apple's price.
Yes the Pixel phones are just as unaffordable as iPhones in this case, you're right! Google and Apple are the same here. If you want an inexpensive phone you must look for an Android phone that is not made by Google.
AppLovin has been doing this for a long time. BlueStacks and some other vendors have been doing this for literally a decade.
The root problem is that Google Play is poorly curated. One problem it has is that it ranks apps that have many downloads higher than those with fewer downloads. AppLovin is used to boost downloads for the purposes of the Google Play algorithm.
Are you sure BlueStacks installs apps without user consent? I know BlueStacks as an emulator to play Android games on PC and Mac. That's a legitimate business, 100% consistent with what users want. Versus what I (author of the piece linked above) reported is that AppLovin is installing apps that users don't want -- installing silently, installing when users tap X, installing after a quick (5 second) countdown.
I looked through the AppHub APK last year after a friend told me they'd found unknown apps installed on their flagship Samsung, and I was very surprised to find some of the same "direct download" references you did.
I've known for a long time that T-Mobile shipped junk apps upon initial setup, but seeing them loaded OTA after a single click on an ad (even a few pixels off of the "x" button) is very concerning. Even putting aside the moral issues with practices like this, that's a huge security hole in a very large percentage of Android phones.
lukec11, I would enjoy chatting with you about methods and findings. Send a note? https://www.benedelman.org/mail/
ADB can show you what package install'd a package. I've been running a setup but I gernally buy a bunch of the same phone, but after they get wifi they install masive amounts of junk.
Yup, can see what package installed a package both via ADB and even in the Settings > Apps GUI. Of course that's a slightly different question from whether the install was nonconsensual.
> ad tap (just clicking an ad, potentially a misclick aiming for a tiny X button, with no Install button even visible on screen)
> AppLovin’s X’s are unusually tiny, so mis-taps are especially likely
This is why I use Intent Intercept - https://f-droid.org/en/packages/de.k3b.android.intentinterce...
It tells me exactly what's about to happen from my tap(accidental or intentional), and gives me the option to undo my tap.
Every privacy/security conscious Android user should have Intent Intercept installed on their devices already.
Are there any apps designed to specifically gate every install, including background OTA installs sent by carriers, because I'm security conscious with my devices but I have family who very much are not.
Ideally, I can just nag my non-tech savvy relatives to let me install such a security app for them and then enjoy having peace of mind for their behalf.
Not buying a carrier phone or buying an iPhone (which doesn't permit carriers to inject the same type of crap into the device, they can only influence access to certain settings). AppLovin cannot install anything in the background without deep system access, and manual installation of non-Google apps requires confirming at least three popups.
There are antivirus apps on Android that will warn you for this crap, but an antivirus cannot work on an operating system designed to install malware.
Yes: “App Store” on iOS protects you against exactly this.
Having non-tech-savvy relatives throw out their phones, buy thousand dollar hardware and swap to an operating system they are unfamiliar with is an absolutely terrible solution to the problem.
It definitely can and should be a factor when choosing what hardware to set your relatives up with in the first place, though.
It's much too late for that in both my case and the same case for probably tens of thousands of others.
Many people are buying new phones every couple years. That's a new opportunity to switch.
Hyperbole of this comment aside, what else do you suggest then?
It's a fundamental tradeoff between allowing multiple ways for apps to be installed or forcing everything through a single installation workflow (a la iOS and its App Store).
Nothing in my comment was hyperbolic. The median price of a current gen iphone is $999. The people OP is asking about are not typical HN users; asking them to change phone operating systems is an unreasonably onerous ask.
OP had a good suggestion for a solution, something that allows gating surprise app installs.
I’m not saying that you should cajole them into doing something they don’t want to do, but in case it’s useful to anyone else reading this, I had a good experience having family make that switch for that reason. Having used Google, Samsung, and Apple phones extensively, I knew that switching to iOS is way less frustrating than going in the other direction, or even from vanilla Android to Samsung, IMO. The iPhone 16e is more than sufficient for a non-demanding users and is $599 totally unsubsidized, without trade-in, and they really do keep ticking for years for basic needs. (I got them iPhone SEs years ago and they just upgraded recently.) Quite usefully, my family lives near a few Apple Stores, so they can go in and get user support (including backup/phone reset type stuff) for free nearly on-demand, which saved me a lot of time mitigating someone just downloading some bullshit that had a name like “Weather Zone Plus Free Pro Traffic Weather News Games Center Deluxe Free (no ads)” that totally horked their setup.
$599 for a phone is frankly exorbitant for what is required here.
The phone they have have that was being asked about is probably either free or close to it with carrier incentives.
Here on HN we are in a bit of a bubble. Most users of this site can just make a $500 purchase if they want to and not think about it. The median American's liquid savings are well under $10k, and buying the least expensive iPhone is a burden. "Buy an iPhone" is not a suggestion that should be made to a person who would have to put it on a credit card and would be unable to 0at.it off that month.
And you can get iPhone 14s for $99 on occasion as long as you commit to prepaid service from Total Wireless/Trac Fone for 3 months (so about $180 - so your total price for the phone and 3 months of service is about $300) or you can use carrier trade-in deals to get hundreds of dollars off an iPhone 17, as long as you stay on a postpaid plan and take the credit over 3 years.
Yes, there are way more options to get sub $500 Android phones, but pretending like an iPhone is too expensive for most Americans when carrier deals are often as good or better for iPhone options (to say nothing of the older phones being sold by Total Wireless and the like) and when more people in the United States use iPhone vs Android is a little bit silly.
We just got $1130 from Verizon for my husband's old iPhone 14 Plus towards his new iPhone 17 Pro (I get a new phone every year so I’m just on the Apple Upgrade plan or I buy it outright each year, whereas he gets a new phone every 3 years or so), making it essentially free (we had to change the plan he was on but it cost the same as the old plan) and if he’d wanted a regular iPhone 17, he could’ve dropped down to a cheaper phone plan too. A 16e would’ve been even less than that.
I guarantee that a) they can get a hell of a lot more phone than that with carrier incentives, and b) if you compare Android phones released when that phone was released, you’re not going to see anything more than a hundred or two cheaper. And as much as I miss my salary, which was comparatively meager by standards here, I haven’t worked in the software business in years. I’m in my early career in a blue collar manufacturing trade, and not even in a major metropolitan area. I’ve been accepted into means-tested low-income programs within the past 6 months. I’ve got a pretty grounded understanding of what people outside of the Silicon Valley cultural sphere consider reasonable to spend on a phone, and what features they’d expect for it.
Anyone who is trying to save money shouldn't buy the "median" device. Just get an older iphone or the SE if you want it. Doesn't make sense. “I’m in top 10 percent of price conscious users so I want 50th percent device”? Just illogical behavior.
An older iPhone or an SE is still hundreds of dollars more device than these people need.
It's not even a hundred dollars for the 2020 SE model which still has 2 years of updates in it. For the newer 2022 model it's under 200 from refurb sellers. You can get 13s for under 250. You can even get apple care with the new subscription model and sneak a new battery for 12 bucks. Arguing with bogus facts is bad manner.
You're awfully cavalier with other people's money. Some would call that "bad manners" too since you brought it up.
Buying a $100 phone every other year when offered an android phone for free from the carrier is a meaningfully bad financial decision for people less well off than yourself. You are fortunate to be in a position to not have to worry about money like that, but try to have compassion for people less rich than yourself.
Oh stop the wiggling. You said hundreds of dollars and they aren't. Now you are switching your argument to "free phones" there are no free phones you still pay for them. In lower income countries your carrier even installs malware as part of their bloat itself. The backmarket prizes in these countries are even more attainable for older iPhone models. Instead of paying your shady carrier you can finance the refurbs. Just stop making shit up and the petty emotional misdirection when you are called out. Judging from your other comments in themis thread it's your go to discussion instrument...
You're making an impressively bad faith argument here.
Yes if you buy an ancient device it is less. If we compare apples to apples, or apples to androids, you could buy an equally old android device for next to nothing. Any "wiggling" was because the discussion was about new devices before you decided to pretend to miss the context clues.
You are delusional if you think that there exists an iPhone that is not much more expensive than a lower end Android of a similar age. All the namecalling and pretending in the world won't make it otherwise.
> 2020 SE model which still has 2 years of updates in it
> You can even get apple care with the new subscription model and sneak a new battery for 12 bucks
> you could buy an equally old android device for next to nothing
Is that Android device going to have any support or security updates or battery life?
Take the hourly billing for those of us who work that way. Multiply by family tech consulting time. It's probably cheaper to buy an iPhone for everyone!
At least this used to be true in the halcyon days when iOS was simple.
On the other hand, iOS is popular because of quality issues like this. Android is only as good as it is because of the competition from Apple.
Before the iPhone you couldn't even get the "cool" phones in America, Japan had so much better things available and everybody envied what wasn't available here.
The reason we have any control from the carriers was the power Apple had and the stubbornness of Jobs.
A lot of the battles being lost by Apple are being won by groups who will make the ecosystem worse.
I mean sure, the iPhone did a ton to create the modern smartphone as we think of it. If you as a user care about that history and want to support what Apple does, you should buy their devices.
That doesn't make it a reasonable device for a sizable segment of the non-tech-savvy population though.
The same "walled garden" app store that is much maligned on HN?
The only walls that need to be in place to prevent this are against malicious carrier app stores. There's no need to restrict users here, which is what people complain about.
Stopping carriers from ruining phones is quite popular on HN from what I've seen.
Yup.
Geeks don’t like it.
But Apple is a three-trillion-dollar corporation, because most folks aren’t geeks.
I’d bet a large sum of money the safari user agent holds the top spot for total number of mobile users for Tuesday US office hours. Maybe dang can validate or reject the hypothesis.
You could try looking at "MDM" products. They're mostly targeted at corporations, and tend to be server based (OS calls the server directly) rather than on-device apps. But they can do some of these kinds of things.
> could try looking at "MDM" products
TinyMDM at $23/year seems to fit the ticket [1]. (I've never used it and just heard about it today.)
[1] https://www.tinymdm.net/pricing-usd/
Modern Android devices now have the "Device Protection" option that does a bunch of things, including disabling side loading. And I think you can enforce this via work profiles too.
How does the platform even allow a single tap on an ad to install an app?
Edit: Discussed somewhat here https://www.benedelman.org/applovin-permissions/. Seems like it's abetted by garbage from the carrier.
Something for iOS to look forward to?
iOS famously doesn't allow reloading themes or software. It's part of why they struggled to find a carrier to launch with in the beginning, because carriers modifying phones used to be the norm.
There are settings carriers can push to iOS (access to features like tethering, some network configuration stuff) but this type of malware cannot be pushed onto iOS. At worst, carriers push shitty Java applets to the (e)SIM, but that's all sandboxed off from any user interaction.
Ben Edelman here, author of the page you linked above and the full article at https://www.benedelman.org/applovin-nonconsensual-installs/ (linked from top of this page). Happy to answer any questions.
You neglected to mention Google's Android. It's business model that maximizes for reach over everything else is the root cause.
The two options are reach over all else, or control of its customers and overcharging them at every turn over all else.
One is not obviously better than the other, though I'll grant that Apple has managed to get their users to a place where being subjected to them has become a point of pride, which is impressive.
> The two options are reach over all else, or control of its customers and overcharging them at every turn over all else.
do you have an example of "overcharging them at every turn"? looking at the Google One [1] vs Apple iCloud [2] pricing it seems pretty similar.
------ Google Apple
5 GB: free free
50 GB: N/A $0.99
100 GB:$1.99 N/A
2 TB: $9.99 $9.99
6 TB: N/A $29.99
[1] https://one.google.com/about/plans?hl=en&g1_landing_page=0
[2] https://support.apple.com/en-us/108047
If we look iphone versus the direct google phones, both are quite expensive and at this point google's about $800/TB for storage upgrades is actually worse than apple's price.
Yes the Pixel phones are just as unaffordable as iPhones in this case, you're right! Google and Apple are the same here. If you want an inexpensive phone you must look for an Android phone that is not made by Google.
I reported problems about applovin sdk clicking on/opening ads on ios apps like a decade+ ago. have never used them since.
I really hope Unity gain more mobile gaming ads market shares away from AppLovin.
Quite damning evidence
AppLovin makes a gargantuan profit margin of 45%:
https://valustox.com/APP
Even so, I avoid stocks that don't have a sustainable, value-based business model.
> AppLovin makes a gargantuan profit margin of 45%
65% (68^%) net (gross) income margin for Q2 '25 [1]. 44% (54%) net (gross) for Q2 '24.
(Nitpick: I don't love financial dashboards that don't define and date their metrics. For example, what does leverage on that page mean?)
[1] https://www.sec.gov/ix?doc=/Archives/edgar/data/1751008/0001...
Somebody made a song about this. Hah! https://open.spotify.com/track/2sNBdJV7LjV3oxSKnE5kQT
AppLovin has been doing this for a long time. BlueStacks and some other vendors have been doing this for literally a decade.
The root problem is that Google Play is poorly curated. One problem it has is that it ranks apps that have many downloads higher than those with fewer downloads. AppLovin is used to boost downloads for the purposes of the Google Play algorithm.
Of course, this is known to Google.
Are you sure BlueStacks installs apps without user consent? I know BlueStacks as an emulator to play Android games on PC and Mac. That's a legitimate business, 100% consistent with what users want. Versus what I (author of the piece linked above) reported is that AppLovin is installing apps that users don't want -- installing silently, installing when users tap X, installing after a quick (5 second) countdown.
Sorry, couldn't help myself
https://imgflip.com/i/a940ug
> Why would Samsung, T-Mobile, and others grant AppLovin the ability to install apps?
Exotica like Fairphone and PinePhone are starting to look pretty good...