More than 1K Android apps harvest data even after you deny permissions
Jul 10 2019
And if you set app permissions to prevent it from accessing personal data, the app can still access the data obtained by another app that has it in shared storage. Many new features are being introduced by Apple and Google to improve people's privacy, but many apps still find out some ways to break these barriers and dig out all the information.
The study looked at over 88,000 apps on Google Play and tracked how data was transferred from the app when a user denied permissions.
"If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless", said Serge Egelman, director of usable security and privacy research at UC Berkeley's International Computer Science Institute, which produced the research. In other cases, where the apps simply don't ask for any special permissions, they may still be a collecting a lot more details than you would imagine they have access to. They used different setups and techniques in order to collect data from sources across the phone's software.
Reportedly, a photo-editing app, Shutterfly, was found to be gathering Global Positioning System coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.
Android Police discovered that Android apps built by Microsoft now include suggestions to install other Microsoft apps if they are not already loaded on the user's smartphone.
A flashlight app has no business accessing a phone's mic and while a third-party phone dialer will need to make calls, it may not need to track the phone's location, especially when not in use. It also added that it used that data to "enhance the user experience".
Back in December Google CEO Sundar Pichai conceded during a session with members of Congress that the company could "do better" when it comes to helping users understand what steps to take to better protect their privacy.
Many apps that accessed data without permission weren't strangers to Android devices.
Last September, Researchers also reported Google and also FTC about these issues. "In practical terms, though, these app behaviors may directly lead to privacy violations because they are likely to defy consumers' expectations", the ICSI report concludes.