Pre-installed applications data

We make the data we collected publicly available in an effort to foster research efforts in this area.

For more details about the data collection, as well as an analysis of the applications we collected, please read our paper, published at the 41st IEEE Symposium on Security and Privacy.

By using this data, you agree to the license agreement below.

Download

Data format

This file contain a JSON object per line, which correspond to an application found pre-installed. We give some metadata about these applications: the package name, version and SDK information, the MD5 hash of the APK, information about the certificate used to sign the app and the build fingerprint of the devices on which the app was found pre-installed.

Below is a example of JSON object that can be found in the file:

 

{
      "md5hash": "73ca97d5a6e74d6f0b7e7cac6b00e2ae",
      "pkg_name": "com.android.providers.userdictionary",
      "min_sdk": "24",
      "target_sdk": "24",
      "pkg_version_code": "24",
      "pkg_version_name": "7.0"
      "fingerprints": [
          "huawei/eva-l09/hweva:7.0/huaweieva-l09/c432b395:user/release-keys"
      ],
      "certs": [
          {
              "subject": "C=CN, ST=Guangdong, L=Shengzhen, O=Huawei, OU=TerminalCompany, CN=AndroidTeam, E=mobile@huawei.com",
              "issuer": "C=CN, ST=Guangdong, L=Shengzhen, O=Huawei, OU=TerminalCompany, CN=AndroidTeam, E=mobile@huawei.com",
              "valid_not_before": "2016-05-05 07:36:41+00:00",
              "valid_not_after": "2043-09-21 07:36:41+00:00",
              "sha1": "1C:DD:04:F1:E4:A7:32:BB:03:52:FD:FA:EE:26:D2:31:55:26:DF:85",
              "sha256": "27:71:BC:FE:40:C0:F6:19:4C:E5:27:01:DA:AD:4E:FA:0F:8C:38:0C:84:4E:83:08:1E:45:92:F0:B1:31:63:E5",
              "pkey_exponent": "65537",
              "pkey_modulus": "2065841188...2927084117",
              "hash_algo": "sha1",
              "signature_algo": "rsassa_pkcs1v15",
              "serial": "11597846411391429387",
              "cert_path": "META-INF/CERT.RSA"
          }
      ],
 }

License agreement

 The Android Observatory team’s authorization to access the data grants You a limited, non-exclusive, non-transferable, non-assignable, and terminable license to copy, modify, and use the data in accordance with this Public Agreement. No license is granted for any other purpose and there are no implied licenses in this Agreement. Nothing in this License is intended to limit any rights You may have arising from fair use or due to other limitations on the Android Observatory’s exclusive rights under copyright law or other applicable laws. The Android Observatory has the authority and reserves the right, in its sole discretion, to discontinue further access and use to anyone who violates this AUA.

If You create a publication (including web pages, papers published by a third party, and publicly available presentations) using data from the pre-installed applications dataset, You should cite the following paper as follows:

Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., & Vallina-Rodriguez, N. (2020).
An Analysis of Pre-installed Android Software.
In the 41st IEEE Symposium on Security and Privacy (SP).

We encourage You to provide the Android Observatory with a copy of (or a link to) the publication. We use this information in reports to our funding agencies.

DISCLAIMER OF WARRANTIES. THE ANDROID OBSERVATORY USES ITS BEST EFFORTS TO PROVIDE DATA IN ACCORDANCE WITH ETHICAL PRINCIPLES AND SCIENTIFIC INTEGRITY. HOWEVER, THE DATA PROVIDED HEREIN IS ON AN “AS IS” BASIS. NEITHER THE ANDROID OBSERVATORY, ITS RESEARCHERS, RESEARCH PARTNERS, LICENSORS, AND DATA PROVIDERS MAKE ANY WARRANTY, EITHER IMPLIED OR EXPRESS, OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, INCLUDING, BUT NOT LIMITED TO, THE ACCURACY, TIMELINESS, COMPLETENESS, RELIABILITY, OR AVAILABILITY OF THE ANDROID OBSERVATORY DATA, APPLICATIONS, OR SERVICES ACCESSIBLE THROUGH OR MADE AVAILABLE BY THE ANDROID OBSERVATORY.

LIMITATION OF LIABILITY. TO THE EXTENT ALLOWED BY LAW, IN NO EVENT SHALL THE ANDROID OBSERVATORY NOR ANY OF ITS PARTNERS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, ARISING FROM YOUR USE OF THE DATA.

If You have any questions about the data or about this Public Agreement, please email contact -AT- androidobservatory -DOT- com.