Mobile

Thousands of Android apps are extracting your data

It’s no secret that Android apps, and mobile apps, in general, are looking to get user’s data. But do that against the knowledge of users is a violation of privacy. And that’s exactly what around thousands of apps are doing, even after you explicitly deny your permission.

Unfortunately, this issue will not get fixed until the upcoming final release of Android Q which is expected to be later this year. It is important to note that there are checks in place that prevent apps from accessing records of data whose permissions are denied. However, some apps manage to circumvent these boundaries and still gain access to the data. Kind of like hacking.

Research by the ICSI

This was revealed by a research that was conducted by the International Computer Science Institute in June. The researchers did an extensive survey of more than 88,000 apps on the Play Store. They found that 1,325 of those apps were using some roundabout way to get user’s data.

While most of these apps claim to do this ‘for the user’s own good’, personal data is still being used without consent. For instance, take Shutterfly. It is a photo app that lets users take their photos and put it into products such as a mug, a phone case or a simple print. Researchers found that the app is using the GPS coordinates found in the photos’ description, and sending them to their servers. All this, when the user had explicitly, denied location permission.

The Institute sent a complaint to Google and was assured that the issue will be fixed in the upcoming Android Q. Perhaps Android Q will offer better privacy features than the Android Pie. Serge Egelman, the director at the Internation Computer Science Institute said:

Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it.

On the other hand, a spokesperson from the Shutterfly company contradicted the researchers:

Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement.

According to the researchers, the problem is that the file system is often left unprotected for the apps to use. With this vulnerability, apps can be creative with how to obtain a user’s data. One thing the researchers highlighted was how the MAC address of the WiFi network can be used to obtain location data.

Moreover, some apps are even capable of gaining access to a phone’s IMEI – International Mobile Equipment Identity. As a result, perpetrators can have persistent tracking of the user. Once the IMEI is obtained, it is copied as an encoded file in the phone’s SD, where it can be secretly accessed by other apps.

What to do?


Presently only a handful of solutions exist. One is to simply wait for the Android Q. However, as Egelman pointed out that a “vast majority of Android users have older devices and won’t be getting over-the-air updates that patch this vulnerability.

Another solution is to look out for these 1,325 apps and stay away from them. The database of all these apps is compiled as part of the research as the AppCensus platform. Finally, you could just not install any app at all and simply use its website as an alternative.

Sponsored
Muhammad Usman

Share
Published by
Muhammad Usman
Tags: androidApps

Recent Posts

Telecom Operators to Automatically Restore SIMs for Tax Filers

The Federal Board of Revenue (FBR) has introduced a comprehensive mechanism for blocking and unblocking…

58 mins ago

Trump’s Influence Fuels Bitcoin to Cross $100,000

Bitcoin broke the $100,000 mark for the first time on Thursday, driven by Trump's crypto-friendly…

1 hour ago

PSX Hits New Heights, Surges by 1,800 Points to Cross 97,000

On Thursday, the Pakistan Stock Exchange (PSX) 100 Index surged by 1,781.94 points, or 1.86%,…

2 hours ago

Pakistan’s IT Minister Defends Internet Restrictions: Here’s All We Know!

Shaza Fatima Khawaja, Minister of State for IT and Telecom, made it clear on Thursday…

3 hours ago

PayPal Resolves Global Outage Impacting Thousands

PayPal, the global payment processing company, announced on Friday that it had successfully resolved a…

4 hours ago

7,300 Teaching Interns Hired Across Punjab

LAHORE: Punjab government colleges have completed the recruitment of 7,354 teaching interns. The Higher Education…

4 hours ago