Mobile

Thousands of Android apps are extracting your data

It’s no secret that Android apps, and mobile apps, in general, are looking to get user’s data. But do that against the knowledge of users is a violation of privacy. And that’s exactly what around thousands of apps are doing, even after you explicitly deny your permission.

Unfortunately, this issue will not get fixed until the upcoming final release of Android Q which is expected to be later this year. It is important to note that there are checks in place that prevent apps from accessing records of data whose permissions are denied. However, some apps manage to circumvent these boundaries and still gain access to the data. Kind of like hacking.

Research by the ICSI

This was revealed by a research that was conducted by the International Computer Science Institute in June. The researchers did an extensive survey of more than 88,000 apps on the Play Store. They found that 1,325 of those apps were using some roundabout way to get user’s data.

While most of these apps claim to do this ‘for the user’s own good’, personal data is still being used without consent. For instance, take Shutterfly. It is a photo app that lets users take their photos and put it into products such as a mug, a phone case or a simple print. Researchers found that the app is using the GPS coordinates found in the photos’ description, and sending them to their servers. All this, when the user had explicitly, denied location permission.

The Institute sent a complaint to Google and was assured that the issue will be fixed in the upcoming Android Q. Perhaps Android Q will offer better privacy features than the Android Pie. Serge Egelman, the director at the Internation Computer Science Institute said:

Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it.

On the other hand, a spokesperson from the Shutterfly company contradicted the researchers:

Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement.

According to the researchers, the problem is that the file system is often left unprotected for the apps to use. With this vulnerability, apps can be creative with how to obtain a user’s data. One thing the researchers highlighted was how the MAC address of the WiFi network can be used to obtain location data.

Moreover, some apps are even capable of gaining access to a phone’s IMEI – International Mobile Equipment Identity. As a result, perpetrators can have persistent tracking of the user. Once the IMEI is obtained, it is copied as an encoded file in the phone’s SD, where it can be secretly accessed by other apps.

What to do?


Presently only a handful of solutions exist. One is to simply wait for the Android Q. However, as Egelman pointed out that a “vast majority of Android users have older devices and won’t be getting over-the-air updates that patch this vulnerability.

Another solution is to look out for these 1,325 apps and stay away from them. The database of all these apps is compiled as part of the research as the AppCensus platform. Finally, you could just not install any app at all and simply use its website as an alternative.

Sponsored
Muhammad Usman

Leave a Comment
Share
Published by
Muhammad Usman
Tags: androidApps

Recent Posts

250 Government Schools to Be Run by Private Sector

RAWALPINDI: The chairman of the Punjab Education Foundation, Malik Shoaib Awan, stated on Monday that…

43 seconds ago

Pakistan Launches First National Sex Offenders Register to Combat Sexual Violence

Pakistan has taken a significant step towards addressing sexual violence and abuse with the introduction…

7 mins ago

SBP Chief Reports October Remittances Exceed $3 Billion

KARACHI: The State Bank of Pakistan (SBP) is anticipating $500 million from the Asian Development…

17 mins ago

Sindh Assembly Reveals 28,500 Govt Employees’ Spouses as Illegal BISP Beneficiaries

The Sindh Assembly was informed that over 28,500 employees of the provincial government were unlawfully…

1 hour ago

SBP Eases Policy Rate by 2.5% as Inflation Shows Steady Decline

The Monetary Policy Committee (MPC) of the State Bank of Pakistan decided to cut the…

1 hour ago

SECP to Host Pakistan Startup Summit in Karachi Next Week

The Securities and Exchange Commission of Pakistan (SECP) is organizing the Pakistan Startup Summit, which…

2 hours ago