More than 1,000 Android apps are collecting your personal information without permission, even if you choose 'Don't allow'



If you choose 'Do not allow tracking' when using an Android app, it is natural to assume that location data is not provided to the app. However, new research shows that thousands of Android apps circumvent the Android permission system and collect data even though the user has not allowed it.

50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System - Submitted to FTC PrivacyCon 2019
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf

More Than 1,000 Android Apps Steal Your Data Without Permission | Tom's Guide
https://www.tomsguide.com/news/more-than-1000-android-apps-steal-your-data-without-permission

Thousands of Android apps can track your phone — even if you deny permissions - The Verge
https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location



Researchers surveyed more than 88,000 Android apps and found that at least 1,325 apps use covert and side channels to access personal information without user consent. 'There are hundreds of millions of users affected by this survey,' the researchers said.

The researchers name apps that behave this way. For example, the photo app 'Shutterfly' sends the user's GPS coordinates, taken from the EXIF data of photos, to the company's servers without obtaining the user's permission, and the Hong Kong Disneyland app has been found to be able to access the smartphone's ID. Note that Shutterfly denied to CNET that it was collecting data without the user's permission. Regarding the Disneyland app, the technology news site Tom's Guide notes that 'Disney may not have known this.'



The same SDK (software development kit) may be used by two completely unrelated apps installed on an Android smartphone. Therefore, even if the user does not permit data sharing with app A, if data sharing with app B is permitted, app A can read data stored by app B. The Verge, an IT news site, likens this to 'a child whose request for sweets is refused by their mother going to ask their father for sweets.'

The research shows that Samsung and Disney apps that collect data without permission use SDKs built by Baidu, the Chinese search engine company, and Salmonads, a data analysis company. The researchers believe that some apps using these SDKs may be trying to retrieve data without the user's knowledge.

The researchers reported the vulnerability to Google in September 2018, and this method will be difficult to use on Android 10 Q, which will be released in the summer of 2019. On the other hand, because operating system fragmentation is severe on Android and not all Android users run the latest version, many Android users may remain exposed to this vulnerability. The researchers say that Google should take other measures, such as providing a patch in a security update.

in Software,   Security, Posted by darkhorse_log