Researchers: 2/3rds of Android apps suspiciously collect sensitive data without user consent

“Researchers from Intel Labs, Duke University, and Pennsylvania State University have created a tool that analyzes how Android apps handle the data they access on smartphones,” Elinor Mills reports for CNET. “Results from experiments on 30 apps might surprise some people.”

“When a user wants to download an Android app, a permissions screen is displayed that explains exactly what data and resources the app has access to, and users must click ‘OK’ before the download can proceed,” Mills reports. “The report suggests that users can be at risk because they are not told how the apps use their data. ‘Android’s course-grained access control provides insufficient protection against third-party applications seeking to collect sensitive data,’ the report, entitled ‘Realtime Privacy Monitoring on Smartphones,’ said.”

Mills reports, “Specifically, the researchers found that two-thirds of the 30 apps in the sample used sensitive data suspiciously, half share location data with advertising or analytics servers without requiring ‘implicit or explicit user consent,’ and one-third expose the device ID, sometimes with the phone number and the SIM card serial number. In all, the researchers said they found 68 instances of potential misuse of users’ private information across 20 applications.”

Read more in the full article here.

MacDailyNews Take:

[Thanks to MacDailyNews Reader “crabapple” for the heads up.]


Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.