More than 1,300 Android apps gathering data without permission
More than 1,300 apps for Google’s Android mobile operating system have been found to be sharing sensitive information, even if users have explicitly denied them permission to do so.
This is according to research conducted by the International Computer Science Institute (ICSI), which identified 1,325 apps that evade restrictions to harvest data including location information and phone identifiers.
The study, which examined more than 88,000 apps in the Google Play Store, found the offending apps used workarounds hidden in their code to circumvent the permissions settings and gather data from sources such as Wi-Fi connections and metadata stored in photos.
For example, one photo-editing app, Shutterfly, was able to obtain location data from GPS coordinates embedded in photos, even if users had refused it permission to access their phone’s location directly.
Other apps were able to gain location data by connecting to users’ Wi-Fi networks and figuring out the router’s MAC address, while some were able to read through unprotected files on a device’s SD card to harvest personal data.
Serge Egelman, director of usable security and privacy research at ICSI, said Google had been notified of these issues last September, along with the US Federal Trade Commission, but the tech giant will not be addressing the problem until the launch of Android Q later this year.
Mr Egelman added: “Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it. If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.”
Google has said that Android Q will have measures to prevent these workarounds, such as hiding location information in photos from apps and requiring any apps that access Wi-Fi to also have permission for location data.
It is expected to be available in September – though as is usually the case with major Android updates, it may take a while to filter through to every device.