Key takeaways
Bloatware is often discussed in the same breath as other unwanted executables and applications floating around on devices like malware, adware, viruses and junkware or PUAs – Potentially Unwanted Applications and PUPs – Potentially Unwanted Programs. But it’s an entirely different thing, and it’s not inherently malicious. That doesn’t stop it being inconvenient, annoying and unwanted.
What is bloatware exactly?
Bloatware definition
Bloatware is software you didn’t ask for installed by the manufacturer on new mobile devices and computers. Examples might include calendar applications or antivirus or cleanup utilities. They often duplicate the functionality of other common apps or software but are intended to steer the user into buying or subscribing to something, rather than being included as a benefit to them. So – who benefits? Often the manufacturer or vendor receives a small payment from the bloatware maker for every device shipped with their software on it. Alternatively, manufacturers themselves may load bloatware to lock buyers into their software ecosystem, ensuring that when they buy a replacement they’ll be more inclined to buy from that vendor again.
The problem with this is that bloatware can gobble up your computer or phone’s resources, bombard you with annoying alerts, try to monopolize specific types of activity such as email or web browsing. In some cases bloatware or noise from bloatware can make it harder to distinguish legitimate software and processes from those that are malicious.
Why does Bloatware exist?
There are usually two reasons: One is that the manufacturer is trying to lock users into their platform by making their software the default option. This is often seen in web browsers, which have historically been a major area of competition between organizations that want their browser to be the default window on the web. Another example is the apps mobile operators put on the handsets they sell to subscribers.
The second reason is plain old money: the maker of the bloatware wants as many users as possible, because that often translates into subscription payments or some other benefit. So they pay computer and mobile device makers a small sum to have their software included as part of the basic load of operating system and applications that ship with every device the manufacturer ships.
One last thing: PCs and mobile devices have a supply chain, and bloatware can be loaded on at almost any point in the process from the factory through to it landing in your hands. For a mobile device, this could mean bloatware is loaded at the manufacturing stage, when it is shipped to the distributor, resold in a high street shop or when it is supplied by the mobile network carrier that provides the shop with the device and the SIM card and network connection.
The different types of bloatware
Back in the day, when dial-up internet was a thing, it wasn’t uncommon for the buyer of a new PC to start their computer up for the first time and be bombarded with messages and popups from multiple internet service providers to sign up to their service, often via software that an ISP had paid to have preloaded on the PC.
Some improvements have been made but bloatware is still here and in multiple forms:
Trialware
Often this sort of software was (and still is) pitched as trialware – something you can try for free before buying. This was actually quite useful years ago when internet access was expensive and slow, so downloading an app to try out was hardly easy. It’s also why a lot of print magazines used to come with cover discs packed with trial software, and why internet service providers spent much of the 1990s sending floppy discs to households all over the world.
Nowadays, it’s quite common for new PCs to ship with ‘free’ antivirus tools and other bloatware – including things like media players and productivity apps. For many PC manufacturers and what is known as System Builders – businesses that assembled complete PC systems from parts – this was a lucrative sideline: all kinds of software companies could pay a small amount to have their products pre-installed on new systems for buyers to try out.
OEM apps
Instead of users being able to choose which app to use, they’re presented with something positioned as the default.
In the past, this was used by Microsoft to gain market share for Internet Explorer, and by Samsung to push its own calendar and email applications instead of the default apps that shipped with Android devices. This last tactic often left mobile phone buyers with several different calendars on their handset all fighting for the right to manage their day.
This sort of ‘bundling’ activity extends beyond pre-installed software on PC desktops. The EU’s Digital Markets Act 2024, which we’ll get into in a bit more detail on later, is an attempt to address this sort of gatekeeping across multiple digital domains, not just the desktop.
Carrier apps
This type of bloatware is common to devices sold by mobile operators, and normally takes the form of an app or shortcut that – at least on the surface – allows the user to quickly check usage or swap tariffs. However, it’s also a shop window for the operator, allowing them to market new products or services, and try to ‘upsell’ existing customers to new tariffs or devices.
Adware
There are two sorts of adware, and neither are particularly pleasant. The first is something of a deal with the devil; to use a piece of software or service without paying for it, you agree to be served advertising. That means that when you open an app, it also displays a banner or popup for an advertiser. This is a pretty prevalent practice in free mobile apps and games – and frankly, it’s also how TV broadcasters, web sites and newspapers monetize their audiences, too.
The tricky part of this – and the part that starts leaking into the second sort of adware, is that the adware sometimes ‘phones home’ – sending details of your device, browsing habits, personal information and so on to advertisers.
The second type of adware is more invasive, taking over browsers, behaving like spyware and monitoring your digital footprint.
Bloatware vs malware — what’s the actual difference?
Is bloatware malware?
No. It’s not installed or built to steal data or disrupt systems, a key part of the definition of malware. But there is a bit of an overlap between malware and both Potentially Unwanted Programs (PUP)/Potentially Unwanted Applications (PUA). This is software that is often bundled with free software packages like file readers or converters or media players, with a tickbox option to download and install it showing on screen during the install process for the free app. These can take the form of tools that claim to optimize your system, browser plugins, extensions or toolbars, installers and other ‘helper’ apps that, more often than not, contain less than helpful payloads and sometimes stray into the territory of malware, spyware or scareware.
Below is a table outlining a few common types of unwanted apps that run from the annoying but harmless to the downright malicious by way of just being inadvertently risky.
What is it? How does it get on your device? Is it harmful? What should I do? Bloatware Software installed as standard on a new device that you didn’t ask for Manufacturers, resellers, mobile carriers and others install it – either their software or someone else’s Not usually, but it can add vulnerabilities or allow attackers access If possible, remove it if you don’t need it, and free up disc space, memory and processor cycles PUP/PUA Unwanted software that’s installed as a sneaky ‘extra’ with an app you’ve chosen to install. It’s also referred to as junkware Some free applications offer an option to add other bits of software during the installation process – usually a box you have to tick or untick. Usually not if the main piece of software is legitimate, but often it’s not terribly desirable Carefully read every option presented during the installation or update process for software you use, and decline to install the PUP/PUA if you don’t need or want it Adware Displays advertising on your device, and can track online behavior to display personalized ads It can be a way to monetize free or cheap software – but it can also be installed without the user’s permission It may contain spyware, and often tracks online activities and shares them with advertisers and whoever wants to pay for it Avoid software that is supported by Adware if at all possible. Malware Hostile software designed to gain access to devices and networks and steal data – or hold it to ransom Users can be tricked into downloading it, but it can also be distributed via infected websites, removable drives and other vectors, or vulnerabilities in operating systems Yes – it is created with malicious intent Use a mainstream, effective and recommended antivirus package Spyware A type of malware intended to surreptitiously steal data and send it to hostile actors As per malware Yes – it is created with malicious intent Use a mainstream, effective and recommended antivirus package
Is Bloatware dangerous?
In and of itself, bloatware is often just annoying and inconvenient; it’s rarely inherently dangerous. It can, however, track user data, potentially expose your device to security vulnerabilities, or, in some cases, display intrusive advertising or annoying popups. The good news is that it’s often quite straightforward to remove or disable.
Common bloatware inconveniences include taking up storage, memory and processing power (especially if running as a background process every time your device starts), and just the general annoyance and inconvenience of having something you didn’t ask for imposed on your daily life.
It’s worth mentioning an incident in 2014/15 that saw Lenovo ship a number of different consumer laptop models with SuperFish adware installed. Lenovo described this as software “…to assist customers with discovering products similar to what they are viewing.” The software self-installed a self-signer root certificate, introducing a significant vulnerability.
Basically, if you’ve bought a legitimate device from a store or well-known retailer, it’s likely but not certain that any bloatware is generally harmless, if rather annoying. If you’ve bought it from an e-commerce platform’s website like eBay or Amazon, or if it’s a suspiciously cheap TV stick or mobile offered to you at the local market or bar, there may be more to be suspicious about.
Last year, a malware called BADBOX 2.0 was found on black market Android TV sticks commonly used to pirate streaming services, for example. While this is definitively not Bloatware and most definitely malware, BADBOX is an example of how some hardware with opaque supply chains can be vulnerable to malware preloading.
How to tell bloatware from malware (and what’s safe to remove)
It’s fairly easy to figure out whether an app, plugin or other piece of software on your device is bloatware or something more sinister. Below is a quick guide to sorting annoyance from alarm. One thing that’s worth doing regardless – because this guide is not foolproof – is to run a malware scan regularly.
- Can you remove or disable the app using the system uninstallation tools on your device? If so, it’s probably just bloatware.
- Did it show up as a grayed-out or system app in your device’s application list? If so, it’s likely bloatware, so see if you can disable it and avoid using it.
- Does it reappear, or is it re-enabled after a restart? If so, it’s a PUP or potentially malware.
- Does it demand payment, create popups or alerts or use lots of data without providing a service? It’s likely PUP/PUA or malware.
Finally, if you do find you have something on your device that’s tricky to shift, resist the urge to download random ‘cleanup’ apps; this is a classic pathway for malware and adware.
How to remove bloatware
It’s worth mentioning that a recent legal change for EU countries has had an impact on how easy it is to remove bloatware. The EU Digital Markets Act 2024 designates seven specific technology companies as ‘Gatekeepers’, obligating them to provide consumers and competitors with the ability to move their data easily, add applications, set their own preferences for different tools and platforms and ensure their systems interoperate smoothly with others.
On Android
Go to Settings, then Apps to find and remove the bloatware. Some manufacturer’s bloatware cannot be removed – but it generally can be disabled.
On Windows
Hit the Windows key, or select the Windows logo in the menu bar. Go to Settings, then select Apps and then Installed Apps. From there you should be able to find the bloatware you want to remove. Use the menu to the right of the app marked by three dots to select Uninstall, and follow the instructions from there.
On iOS
Here things are a little different; if, for example, you don’t have an Apple watch, then tap and hold on the app icon itself, and select Remove App.
How to avoid bloatware on your next device
There are generally two points at which bloatware can blight your experience: When buying a new device, and when downloading and installing apps.
For your next device, ensure you’re buying through a reputable channel; direct from a vendor generally works well, but there’s still a chance that you’ll be presented with some ‘amazing’ opportunities when you first switch on your shiny new device. Research the device vendor before buying; iOS devices generally don’t have preloaded bloatware, but some companies supplying devices with Android installed are well known to load unwelcome apps. Look for Play Protect certification on Android’s website to check if your device is secure and up to standard.
Google itself sells devices with so-called ‘clean’ installs of Android, although you’ll absolutely be nudged and prompted to use its apps and services during setup – just as Apple does with its computers and mobile devices, too. Avoid suspiciously cheap devices with dubiously full feature sets or app loads, as quite often these are too good to be true.
When downloading applications, check whether ‘extra’ software is mentioned on the download or selection page, and whether it is included as an option when installing. Some installers push ‘standard’ installs that conveniently include bloatware. Take the time to read every option page in the installer or wizard and check you aren’t inadvertently saying yes to something you might regret. A quick way to check before even going near the download is to run a web search for the name of the application followed by ‘+ bloatware’, which may bring up reviews or notes from others who have run into it in the past.
Tips from an ESET expert
“Bloatware should not be ignored simply because it comes pre-installed on a device. While most bloatware is harmless, some pre-installed software can occasionally introduce risks other than simply taking additional battery life.
It remains good practice to review any software that comes with a new device and always remove any apps you don’t need or use. It’s also worth keeping the remaining applications updated and to remain cautious of unexpected permissions requests, especially those involving access to your contacts, location, camera or microphone.”
- Jake Moore, Global Security Advisor
Keep your Android device safe and running smoothly with ESET Mobile Security - scan apps, block phishing, and protect your data in real time.
Bloatware stays with us
Bloatware is an annoyance with roots found deep in the early days of personal computing. It’s generally inconvenient and frustrating to users, but tends not to be the result of malice. More often than not, it’s a combination of business practices just the right side of legality or advertising dressed up as something helpful for customers. That said, when things go wrong, as they did for Lenovo and SuperFish, it can be more serious. It’s a fact of life that spending 20 minutes cleaning up a new device and removing bloatware can make the difference between a frustrating and possibly privacy-invading experience and something altogether more pleasant.
Frequently asked questions
Is bloatware a virus?
No. It’s usually legitimate software, but annoying and often not very useful software at best. But it’s not malicious in intent. The gray area is potentially unwanted programs and adware, which can cross into risky territory. In some cases, cheap off-brand devices have shipped with actual malware pre-installed, which is a different problem entirely.
Is it safe to delete bloatware?
Go for it! If you can uninstall or disable an app through your normal settings, removing it is safe and often frees up space and battery. Leave grayed-out core system apps alone, and don’t use random ‘cleaner’ tools you found online, as they’re often a way to install malware or adware.
What’s an example of bloatware?
Pre-installed weather, news or “assistant” apps you never open, duplicate manufacturer versions of apps your phone already has, or trial versions of paid software. Unfortunately, this last example includes pre-installed antivirus trials that then nag you to subscribe.
Can bloatware contain malware?
Bloatware itself usually isn’t malware, but unpatched pre-installed apps can create security holes.
Does bloatware slow down my phone or computer?
It can. Apps running in the background consume memory, processing power and battery, and they take up storage. Removing what you don’t need is one of the simplest ways to speed up an old (or brand new, for that matter) device.
