Connect with us

Hi, what are you looking for?

Tech & Science

Over a thousand Android apps collecting data without permission

Permissions on Android apps can be turned on, turned off, or operated with restrictions. But even when the permissions settings on some apps have been deactivated, some apps have been getting around this and they have continued to collect data. A new finding shows how over 1,000 apps (1,325 in total) have avoided restrictions and have been collecting specific geolocation data together with smartphone identifiers. without device users being aware.

This discovery comes from a consortium of researchers (under the auspice of the non-profit International Computer Science Institute) who have put together a white paper tiled “50 Ways to LeakYour Data: An Exploration of Apps’ Circumvention of the Android Permissions System”.” The study finds that several apps circumvent the permission settings and are able to gain access to protected data by exploiting both covert and side channels.

With these two mechanisms, side channels present in the implementation of the permission system enable apps to access protected data together with system resources without requiring permission. With covert channels, this approach allows communication to take place between two colluding apps so that one app can share its permission protected data with another app which does not have permission enabled.

Speaking with CNet, one of the researchers, Serge Egelman, states: “Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it. If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.” The researcher has flagged the error with Google, hoping that improvements with Google’s operating system will prevent future apps from exploiting the same loopholes.

The same group of researchers have also found that thousands of Android apps are collecting identifying information which leaves a permanent record of the activity on a device. Such data is often used to target users for advertising. This happens when apps track a user by linking someone’s Advertising ID with other identifiers on a device that are difficult to change.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Plans for a $70-billion project to build the world’s largest artificial intelligence (AI) data centre were unveiled today in Alberta.

Social Media

Exactly how dumb can you afford people to be? The bottom of the barrel is making noises already.

Business

Hong Kong and Shanghai stocks rallied Tuesday after China pledged to adopt a looser monetary policy to revive the stuttering economy.

World

Chinese President Xi Jinping warned Tuesday that there would be "no winners" in a trade war with the United States.