As many as 1,325 Android apps access your location data and other information without permission
One is taught to think that they are letting their privacy be intact when not granting permissions to applications on the phone, when initially installing them. However, recent research has shown that over a thousand applications made for Android have found ways and means to slip between the cracks and track personal information and location data of their users. The international Computer Science Institute has found at least 1325 applications on the Google Play Store which have collected data from users who had initially denied them permission to do so. The study was broadcasted at the PrivacyCon which was hosted in June by the Federal Trade Commission.
The study surveyed 88,000 Android applications and made investigations on how these apps handled the data when permission was not granted. They saw that applications were coded so as to extract location data from metadata which is stored in photos and Wi-Fi connections. Serge Egelman, the director of usable security and privacy research at the ICSI said that this data breach had been brought to the notice of Google in September 2018 itself. The company had said that the issue will be addressed when the Android Q release would take place at the finish of this quarter. Google will until then, withhold location information from photos to be viewed by apps. It will also need apps which work on wireless connections to ask specific permission to receive location data.
Other applications take this private information from other applications which have been permitted to view data. Those which have been denied access do this through unprotected files on the SD card where it can be stored by applications that have been permitted to access it. The report says that only 13 applications use this method of accessing information, but these have been downloaded 17 million times at least and include the Disney Land App as well.
153 applications are capable of conducting this function and this list is inclusive of the Samsung Health and Browser apps. These have been installed on 500 million mobile phones and tabs. Personal data which can be stolen like this are the IMEI number of your device. Applications which connect to a wi-fi network and steal location data obtain the MAC number which links to the network adapter of these devices.
Even smart remote controls access such information though they have no use for it.
The list of names of apps which are stealing data will be published by next month.
The report stated that the image publication website Shutterfly took GPS coordinates from pictures and transferred this data to the servers even when the app was not given permission to access this. A spokesperson for the company has since denied the claim.
According to Egelman, he will be revealing the names of these websites next month when the report is presented at the Usenix Security Conference. This incident is a dead ringer for the one which happened a few years ago that 79 of the 80 applications which were listed in Apple’s App Store as top applications were found by the Wall Street Journal to contain third party trackers which collected personal data for ads and analytics.