You might want to keep your personal data private by not granting permissions to apps when you use them for the first time. However, according to a reputed source, there are more than 1,000 Android apps that have found ways to circumvent the permissions denied, allowing them to access location and other personal information. The ICSI (International Institute of Computer Science) claims to have found up to 1325 apps on the Play Store that collected this information from users who had been denied permission to do so. The study was presented at PrivacyCon, organized last month by the Federal Trade Commission (FTC).
The study examined the 88,000 Android apps and investigated how they handled the data in the event of permission denial. What the study has discovered is that up to 1325 apps had a code written to capture data related to the location of metadata stored in photos and Wi-Fi connections. Director of usable security and privacy research at ICSI, Serge Egelman presented the data at the conference and stated that Google was informed this past September. The company said the problem will be solved with the launch of Android Q, which is expected after this quarter. Google will hide the information of location in the photos within apps. It will also require apps that work with Wi-Fi to get permission to receive location data.
“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it. If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.” – Serge Egelman, director of usable security and privacy research, ICSI
Other apps collect personal information from other apps that have received permission to get it. Denied authorization apps access personal information from unprotected files on an SD card where they are stored by another app that has permission to collect them. While the report states that only 13 Android apps follow this technique to steal personal data, these apps have been installed more than 17 million times and include the app of Hong Kong Disneyland Park Baidu. There are 153 apps that are able to do this, including Samsung Health and Browser apps, installed on more than 500 million devices. Among the personal data that can be stolen with this method is the unique IMEI number of the phone. Other apps connect to a Wi-Fi network to steal location data. These apps get the MAC number that the network adapter can identify on Wi-Fi devices. The report finds that apps used as smart remotes often do so, but there is no legitimate reason for having location data of the user.
Wait Until Next Month To Find Out The Names Of These Apps That Steal Personal Information
As an example of how these solutions are used in real life, the report notes that Shutterfly, images publishing an app, took the GPS coordinates of the photos and sent data for the servers, the permission even if the user is not allowed to the app to get location data. A spokeswoman for the app denied this and said that it collects location data only with the user grants permission.
Egelman says he will reveal the names of the 1,325 Android apps that have collected personal data without permission. This will happen next month when he will present the report again, this time at the Usenix security conference.
It may be recalled that in May, the Wall Street Journal found that of the 80 apps listed on the App Store in the section of “Apps We Love”, 79 of their third-party trackers who fill out personal data of iOS users for ad content, for analytical and marketing purposes.
You may also like:
- Google Play Spotted With More Than 2,000 Malware-Laden Counterfeit Apps
- Temporarily Free Apps for Wednesday On Google Play Store
- The new feature in iOS 13 gives users more control over the apps that track their location
Follow us on Twitter to never miss an update on all the latest news from Apple, Google, Microsoft, and the Web.