Bloatware: Difference between revisions

(16 intermediate revisions by the same user not shown)

Line 15:

Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the ~~app is not [[wikipedia:Open-source_software|open-source]] or~~ [[wikipedia:Source-available_software|source-available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]]:

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):

*Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>

Line 25:

*Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>

If sustainable energy sources are ~~not~~ used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

==Tools to deal with bloat==

This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.

*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>

*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].

*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.

*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".

*[[Android]] debloaters:

**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.

**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.

**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.

**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]

*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>

*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.

*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player

==See also==

*[[JavaScript]]

*[[Electron]]

==External links==

*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations.

*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]

*[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]

*[https://httparchive.org/reports/page-weight HTTP Archive: Page Weight]

*[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]

*[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]

@@ Line 15: / Line 15: @@
 Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>
-Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>.<!-- These privacy and security concerns should be detailed and explained. It would be the core point of this article. --> As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the app is not [[wikipedia:Open-source_software|open-source]] or [[wikipedia:Source-available_software|source-available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.
+Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>.<!-- These privacy and security concerns should be detailed and explained. It would be the core point of this article. --> As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.
-Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]]:
+Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):
 *Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>
@@ Line 25: / Line 25: @@
 *Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>
-If sustainable energy sources are not used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).
+If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).
-<!-- TO-DO: add section for how to deal with bloat. It should mention privacy.sexy, UADNG, Canta, AppManager, uBO, Libredirect, etc... -->
+==Tools to deal with bloat==
+This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.
+*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>
+*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].
+*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.
+*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".
+*[[Android]] debloaters:
+**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.
+**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.
+**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.
+**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]
+*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>
+*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.
+*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player
 ==See also==
-*[[JavaScript]]
 *[[Electron]]
 ==External links==
+*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations.
 *[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
 *[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]
+*[https://httparchive.org/reports/page-weight HTTP Archive: Page Weight]
 *[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]
 *[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]