As many as 1,325 Android apps access your location data and other information without permission

As many as 1,325 Android apps access your location data and other information without permission
You might think that you're keeping your personal data private by not granting certain permissions to apps when you first use them. However, researches discovered (via CNET) more than 1,000 Android apps that found ways to get around denied permissions allowing them to access location data and other personal user information. The International Computer Science Institute (ICSI) says that it found as many as 1,325 apps in the Google Play Store that collected this data from users who had denied them permission from doing so. The study was presented at PrivacyCon, hosted last month by the Federal Trade Commission (FTC).

The study took a look at 88,000 Android apps and investigated how they handled data when permissions were denied. What the study discovered was that as many as 1,325 apps had code written to take location data from metadata stored in photos and from Wi-Fi connections. Serge Egelman, director of usable security and privacy research at the ICSI, presented the data at the conference and said that Google was notified about this last September. The company said that it would address this issue with the release of Android Q, expected out later this quarter. Google will hide location information in photos from apps. It also will require apps that work with Wi-Fi to get permission to receive location data.


Other apps scoop up personal information from other apps that have received permission to obtain it. The apps denied permission access the personal information from unprotected files on an SD card where it is stored by another app granted permission to collect it. While the report says that only 13 Android apps used this technique to steal personal data, these apps were installed over 17 million times and include Baidu's Hong Kong Disneyland park app. 153 apps are capable of doing this including Samsung's Health and Browser apps, which are installed on over 500 million devices. Among the personal data that can be stolen with this method is a handset's unique IMEI number. Other apps connect to a user's Wi-Fi network to steal location data. These apps obtain the MAC number that can identify the network adapter in Wi-Fi devices. The report notes that apps used as smart remote controls often do this even though there is no legitimate reason for them to have a user's location data.

The names of the 1,325 Android apps that steal personal data will be made public next month


As an example of how these workarounds are used in real life, the report noted that image publishing app Shutterfly took GPS coordinates from photos and sent that data to its servers even if the user didn't grant the app permission to obtain his location data. A spokeswoman for the app denied this and said that it collects location data only with a user's permission.


Egelman says that he will reveal the names of the 1,325 Android apps that collected personal data without permission. This will happen next month when he presents the report again, this time at the Usenix Security conference.


You might recall that back in May, The Wall Street Journal discovered that out of 80 apps listed in Apple's App Store under the heading "Apps We Love," 79 of them contained third-party trackers that collected iOS users' personal data for ads, analytics and marketing purposes. The average app in that group had four trackers installed.

FEATURED VIDEO

26 Comments

1. apple-rulz

Posts: 2198; Member since: Dec 27, 2016

This is not an issue, android users are extremely tech savvy and can not be fooled by any app developer.

3. oldskool50 unregistered

All of the apps they list will be from questionable developers. It won't be from someone like Microsoft or Apple. It will be from China, Saudi or some loser dev. If you ok only download apps from devs who are more well known names, then you really don't have to worry. The fact is, if you really don't want tour data being used, then don't get online.

18. AbhiD

Posts: 850; Member since: Apr 06, 2012

Samsung and Shutterfly aren't well known names? Now they are also shady companies? Lol what?

7. MrMalignance

Posts: 303; Member since: Feb 17, 2013

I'm not saying it isn't an issue, but from the recent tests: Google is at about 66% of tested apps gathering info, Apple was reported at 98% of apps tested gathering info. I know there are other factors, but the optics don't look good

19. AbhiD

Posts: 850; Member since: Apr 06, 2012

It's all about what sort of apps have been tested. If one tests all the shady apps, all of them will be found doing illegal stuff. But if one does a random testing, only a few will be found doing something fishy. Common Sense. Doesn't look like you have it.

29. MrMalignance

Posts: 303; Member since: Feb 17, 2013

@abhid: I wouldn't be throwing stones about common sense. The apps tested on iOS are "apps we love", which are apps apple was vouching for and suggesting that people download. Hardly what would be considered shady

8. Mike88

Posts: 438; Member since: Mar 05, 2019

Buying an android phone is like signing a contract that Google, the oem, the carrier and apps you'll download can have full access to your data without informing you. At least in ios 3rd party apps can't get any info easily beyond the access you provide it. There's an example of a game which can play music from your songs like gta, in ios it'll only have access to your music library while in Android you've to provide full storage access to any app which needs to read or write some part of storage.. There's another example of a game which can store pics in your phone taken from in game virtual camera.. In Android it'll have full storage access while in ios it'll be able to write only instead of reading data from your phone so things are relatively much safer in ios. Now we know even apps without permission can use your data.. What makes you think that fb and other info stealing app won't do it when there's a way to do it?

28. TheOracle1

Posts: 2340; Member since: May 04, 2015

For once I agree with you. This is one of the downsides of using Android. I'm not sure how Stock Android handles internet permissions these days since I haven't used that pos in a while, but on most OEM skins you can block internet access for apps and that's what I do for some apps on my phones. For example, why does my third party launcher need internet access at all since I don't use it for weather or search? If the app doesn't need it I don't grant internet access so it can send all day to nowhere as far as I'm concerned. I've never used location for my photos anyway so I'm not worried there. Beyond that the whole idea that other permissions are useless is troubling.

2. Demo-jay

Posts: 78; Member since: Feb 13, 2018

Even sammy’s own?! Damn..

4. Venom

Posts: 3733; Member since: Dec 14, 2017

I don't think the Samsung ones are being malicious. I think it's just that Samsung devices are more optimized for their services similar to Apple and Google with the Pixel phones.

20. AbhiD

Posts: 850; Member since: Apr 06, 2012

Lol what? Then why do they resort to shady ways to collect user data when the user has explicitly denied it in permissions? Now anything wrong Samsung does will be justified with "optimisation"?

27. MrMalignance

Posts: 303; Member since: Feb 17, 2013

@abhid: it's happening on apple and Android. They both have privacy issues

41. Venom

Posts: 3733; Member since: Dec 14, 2017

Calm down. It's just an educated guess. No need to cry about it.

5. Venom

Posts: 3733; Member since: Dec 14, 2017

I guarantee you that these will be shoddy apps that offer no real use or poorly made apps with overseas owners. Chinese apps are notorious for this.

21. AbhiD

Posts: 850; Member since: Apr 06, 2012

Samsung is chinese? Shut up Samsung suckbouy

42. Venom

Posts: 3733; Member since: Dec 14, 2017

You don't want any of this. I suggest you not to pick a fight you can't win.

6. cmdacos

Posts: 4270; Member since: Nov 01, 2016

All I read is that 99% of tested Apple app store apps leaked data and 1.5% of tested Android apps leaked data.

10. iloveapps

Posts: 867; Member since: Mar 21, 2019

All i know is apple is secure and android is not secure.

11. vgking9699

Posts: 194; Member since: Mar 01, 2019

Then you’re an idiot and didn’t actually read the article, only 80 apps were tested on iOS and 79 had issues while 1,325 android apps had issues which mean more than that were likely test but those 1,325 were just the ones found guilty so far lol Big difference between 79 iOS apps vs 1325 android apps

17. MrMalignance

Posts: 303; Member since: Feb 17, 2013

It's true that they tested more. The article says 88,000 and "as many as" 1,325 had issues. So far the odds look better on Android, with those numbers

35. cmdacos

Posts: 4270; Member since: Nov 01, 2016

vgking you should remove your comment to save yourself some embarrassment.

39. oldskool50 unregistered

More proof Apple fanboys are stupid and can't read, comprehend or count. Based on the facts, out of 80 apps test on iOS, 99% were with issue. 88,000 were tested on Android, and only 1325 had issues. 1325 from 88,000 leave what douchebag? 79 from 80 leaves what? So basically if we test 88,000 apps on IOs, we would find that at least 50% of them would have the same problem. I mean do the math bruh. IOS here shows to have far mor eissues. here is the difference though. When you install an Android app, it shows what it will access. On iOS you have no idea what it will access because nothign pops up and tell you. You're just suppose to trust Apple. Apple isn't gonna always see data trackers. They tend to be well hidden. Both platforms have the same problem regardless of how many apps they find or don't fond. But you fulz always wanna make this an iOS vs Android. if I have lung cancer and you have Skin cancer, if left untreated we are both gonna die and in both cases it still cancer. It doesn't matter if one form of cancer kills more people than the other. The fact is, without treatment you're gonna die regardless. You Apple fans always wanna change the facts to fit some stupid ignorant bull$$$$. The only people you are fooling is yourself.

9. NYCundrgrnd

Posts: 6; Member since: Jul 08, 2019

With so many snouts in the trough, all vying to snatch as much data for harvest and ad dollars, is there any wonder the present state is demonstrably hostile to consumers. And frankly Google (and a somehow lesser extent Apple) are to blame. Smartphones with unchecked apps written by predatory developers all overseen by 2 tech giants that benefit directly and indirectly is all the proof necessary that data needs protection like financial info.

12. Be_Mine

Posts: 290; Member since: Dec 29, 2013

It's true. Apple use the best security system. Jennifer Lawrence, Victoria Justice, Kate Upton and so many other celebrities can approved this.

22. AbhiD

Posts: 850; Member since: Apr 06, 2012

If you give in your data on a shady website on your own, it's not apple's fault you idiot! Looks like you don't even have a basic sense

32. Be_Mine

Posts: 290; Member since: Dec 29, 2013

Please, do enlighten us.... Oh wise one. What shady website are you talking about? iCloud? Or, are you talking about the Apple servers some teen from Australia hacked a while ago?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.