Science

Over 1,000 Android apps harvest data including location even after you've DENIED permission


Over 1,000 Android apps continue to harvest data including location even after you’ve DENIED permission, shocking report reveals

  • Over 1,300 Android apps were found tracking personal data without consent
  • Researchers say apps use Wi-Fi data and metadata in photos to track users
  • The monitoring is done regardless of whether users’ allow permission
  • Some apps were able to access unique phone identifiers, the report found
  • Google said it will fix the leaks in its upcoming Android Q operating system 

Researchers say that even permissions requests aren’t enough to stop at least 1,000 Android apps from hoovering your personal data. 

According to a report presented at the Federal Trade Commission’s PrivacyCon, 1,325 apps in the Google Play Store use workarounds built into their code to subvert users’ requests not to harvest their information. 

To do so, the report says those apps turn to sources like Wi-Fi and metadata stored in users’ pictures to help glean a unique signature and sometimes even a user’s location.

Researchers say that even permissions requests aren't enough to stop at least 1,000 Android apps from hoovering your personal data. File photo

Researchers say that even permissions requests aren’t enough to stop at least 1,000 Android apps from hoovering your personal data. File photo

WHAT APPS MAY BE DOING THIS? 

A study presented at the Federal Trade Commission’s PrivacyCon found 1,325 apps in the Google Play Store have the ability to use workarounds built into their code to subvert users’ requests not to harvest their information. 

This includes popular apps such as:

  • Shutterfly
  • Baidu’s Disneyland app (Hong Kong) 
  • Samsung Health & Browser apps 

Google said it plans to fix many of the personal data leaks with the upcoming release of its Android Q operating system.

The apps found to be sleuthing users’ phones for personal data were identified out of 88,000 analyzed by researchers and include popular photo-sharing platforms like Shutterfly. 

As reported by CNET, Shutterfly was found to be harvesting GPS coordinates from users’ photos even despite the fact that many declined to share their location data within their device. 

In some cases, researchers noted that apps were able to piggyback off of other apps permission and access protected files on a user’s SD card. 

Of the 88,000 apps assessed only 13 were discovered to be doing so.

Among those apps are Baidu’s Disneyland App for the company’s Hong Kong location. 

Google said it plans to fix many of the personal data leaks with the upcoming release of its Android Q operating system, however, users with older devices not as equipped to handle new software may not have easy access to the update. 

The research represents yet another fold in the tug-of-war between consumers and companies over the control of personal data. 

While most research has been focused on apps and platforms that gather information through more official channels — Facebook and Google chief among them — less attention is paid to those that may be gleaning information through side-channels. 

Increasingly, companies have been offering more options for users fed up with constant tracking and monitoring. 

For instance, security updates announced in Apple’s newest iOS 13 will notify users how an app is tracking them, including their location. 

The feature will also reportedly ask users whether or not they want to continue granting location privileges to said apps. 

The new iOS will also add more options to its permission requests, letting using choose if they want to allow access to their location all the time, on a case-by-case basis, or just once.



READ SOURCE

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.