Over 1300 apps are accessing your Data on Android devices even without any permission

Permission on Android apps let users give limited access to data. In case certain access is denied to an app, it might find other ways. According to the latest research, around 1300 apps despite restrictions were able to retrieve geolocation data and phone identifiers.

Leading tech companies store tons of data regarding users’ locations, their friends or their interests, making online privacy almost a joke.

Lawmakers are making it part of the privacy regulations and that the users’ data should be controlled with app permission. Though Apple and Google have introduced new features to advance privacy, still many apps find alternate ways to fetch data.

International Computer Science Institute’s researchers found out around 1,325 Android apps that get hold of users’ data even if the permission to access the data is not granted. By the end of June, the director of usable security and privacy research at the ICSI, Serge Egelman presented the findings at the privacy of the Federal Trade Commission.

At the conference, Egelman talked about how there are only a few tools available to users through which they can control their privacy over devices and make other relevant choices. There is no point of asking permission from consumers if apps can easily by-pass the system checks.

Researchers informed Google and FTC in September 2018, said Eagleman. Google replied that they would be resolving the issues in Android Q that will probably come out this year.

According to Google, in the latest update, location information from photos will be hidden from the apps. Apps that access Wi-Fi will need to have permission to obtain location data.

Around 88,000 apps on Google Store were analyzed to check how these apps transfer data when their permission is rejected. Researchers identified 1,325 apps that used workarounds hidden in its code to unethically obtain personal data from either Wi-Fi connections or from the metadata of photos.

A photo editing app, Shutterfly was found to be collecting GPS data from photos even when it was not given the permission but the data was then sent to its server.

Rejecting the findings of researchers, the spokeswoman of Shutterfly said that the app only collected location data, that also through clear means.


The company stated that like any other photo app, location data was collected in accordance with the Android developer agreement and the privacy policy of Shutterfly, to improve user experience and to provide personalized product suggestions and for categorization.

There were some apps that gathered data from other apps that were granted permission to access the device’s data. The unprotected files on SD cards of the devices were read by these apps and from there they would get access to data they were denied permission to.

13 of the apps, that were installed 17 million times were doing this to get access to data, including the Baidu’s HongKong Disneyland park app.

According to researchers, 152 apps that are installed on 500 million devices have the capability, including Health and Browser apps of Samsung.

Other apps got location data through Wifi and MAC address of routers.

The interesting thing is to look forward to Egelman who said he will be revealing the list of 1,325 apps that were discovered by researchers.


Photo: Android

Read next: Adware exist in more than 182 Android Apps since 2018

No comments:

Post a Comment